This is a misc. exploit for the linux-SVGAlib space plumber game. It is due to a simple oversight in the command line parser which uses strcpy() to copy to an unchecked 250 byte buffer. A perl script is provided for the lazy person.
In SlackWare Linux the script /usr/bin/ppp-off writes the output of 'ps x' to /tmp/grep.tmp. Since root is the user that runs ppp-off, a non-privileged user could create a link from /tmp/grep.tmp to any file(ie: /etc/issue), thus when root runs the ppp-off script, the output of 'ps x' would be put in the linked file.
This exploit is written in Perl and is used to gain root access on Redhat Linux 6.2. It uses the setuid and setgid functions to gain root access. It also uses the dump and restore commands to gain access to the system.
This exploit code is for oidldapd in Oracle 8.1.6 (8ir2) for Linux. It allows any user to gain euid=oracle by exploiting a buffer overflow vulnerability. The exploit code creates a buffer of 700 bytes and fills it with NOP instructions. It then copies the shellcode into the buffer and sets the environment variable EGG to the buffer. It then executes the oidldapd binary with the environment variable set.
This exploit is used to gain root access on RedHat 6.2 systems with /sbin/restore not “fucked up”. The exploit creates a shell script in the user’s home directory, which is then executed by the restore command. The script creates a copy of the /bin/sh binary in the user’s home directory and sets the setuid bit on it. This allows the user to gain root access.
There is a remote exploitable buffer overflow in Half Life server (3.1.0.x) for linux (HLDS). The problem is related to the RCON command (Remote CONsole). After several tests, we found out the 'rcon' command is also vulnerable to a format string attack which can also lead to a remote exploit. YOU DO NOT NEED THE RCON PASSWORD TO EXPLOIT THIS VULNERABILITY, which means any multiplayer server is vulnerable to the attack.
This exploit gives an egid=60(games) shell if gnomehack is sgid(=2755) games on Debian/2.2, which has gnomehack. It can also be applied to nethack. Syntax: ./deb_gnomehack [offset] [alignment]. Example: # ./deb_gnomehack 500 0. Overflow exists in $NETHACKOPTIONS as well, like nethack.
p7snort191.sh is a remote exploit for Snort 1.9.1 and below. It sends an evil packet to the target IP address with a return address of 0819fec2 (SlaCkEr's shellcode). The exploit is tested on Slackware 8.0 with Snort 1.9.1 from sources.
This exploit code is for the News Update 1.1 vulnerability. It is a buffer overflow exploit which allows an attacker to execute arbitrary code on the vulnerable system. The exploit is written in C and can be compiled with gcc. It can be used to gain access to the vulnerable system and execute malicious code.
This exploit is a local root exploit in LBNL traceroute. It is a program written in C which is used to gain root access on a system. It uses a buffer overflow vulnerability to overwrite the return address of the function and execute arbitrary code. The exploit is written by Michel Kaempf and was released in 2000.
Services By CQR