网站地图
【www.gdgbn.com--Frontpage】
Front page server溢出攻击实例<<原创>>下 载:http://www.nsfocus.com/proof/fpse2000ex.c
哈哈~大家好!!~(一上来就骂人??!)危卵~真实越来越"厉害"了,全一段时间的.printer硝烟未尽,现在又出来一个frontpage server fp30reg.dll溢出漏洞~不过便宜新手们了……(嘿嘿~!)关于该漏洞的资料看本站上面的公告!(Bytes~!废话好多!)
言归正传..今天我给大家讲讲怎么利用..
先找一个,小羊羔~~(啊~小鬼子又进村了!!~?)嗯~~~谁呢??就你吧---61.153.xxx.xxx(国内的~别抓我啊~!!我不想坐牢!!).ping一下先,别timed out!就GOD!!!了~哈哈!:
Pinging 61.153.xxx.xxxwith 32 bytes of data:
Reply from 61.153.xxx.xx: bytes=32 time=36ms TTL=124
Reply from 61.153.xxx.xx: bytes=32 time=35ms TTL=124
Reply from 61.153.xxx.xx: bytes=32 time=35ms TTL=124
………………(啊哈~!速度不错~不拿你开刀我都找不到理由~!~哈哈~!我邪恶吗??)
Let me start...
telnet 211.100.xxx.xxx(My fat hen,haha)
Red Hat Linux release 7.0.1J (Guinness)(羡慕吧??~~哈哈)
Kernel 2.2.16-22 on an i686
login: bytes
passwd:xxxxxxx(当然不告诉你la)
[root@glb-linux-1 bytes]#id
uid=0 (root) gid=2513(other)(嘿嘿~@!)
[root@glb-linux-1 bytes]# vi kill.c (copy来原码,顺便说一句,这段程序很漂亮~!!)
/*
* fpse2000ex.c - Proof of concept code for fp30reg.dll overflow bug.
* Copyright (c) 2001 - Nsfocus.com
*
* DISCLAIMS:
* This is a proof of concept code. This code is for test purpose
* only and should not be run against any host without permission from
* the system administrator.
*
* NSFOCUS Security Team
* http://www.nsfocus.com