Linux vps-4302913.novaexata.com.br 3.10.0-1160.119.1.el7.tuxcare.els19.x86_64 #1 SMP Mon Mar 31 17:29:00 UTC 2025 x86_64
Apache
: 162.214.88.42 | : 216.73.216.156
166 Domain
7.3.33
wwnova
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
usr /
share /
systemtap /
examples /
security-band-aids /
[ HOME SHELL ]
Name
Size
Permission
Action
cve-2008-0600.meta
209
B
-rw-r--r--
cve-2008-0600.stp
144
B
-rw-r--r--
cve-2008-0600.txt
345
B
-rw-r--r--
cve-2012-0056.meta
209
B
-rw-r--r--
cve-2012-0056.stp
75
B
-rw-r--r--
cve-2013-2094.meta
209
B
-rw-r--r--
cve-2013-2094.stp
418
B
-rw-r--r--
cve-2014-7169.meta
209
B
-rw-r--r--
cve-2014-7169.stp
82
B
-rw-r--r--
cve-2015-0235.meta
209
B
-rw-r--r--
cve-2015-0235.stp
2.17
KB
-rw-r--r--
cve-2015-3456.meta
209
B
-rw-r--r--
cve-2015-3456.stp
234
B
-rw-r--r--
cve-2015-7547.meta
209
B
-rw-r--r--
cve-2015-7547.stp
153
B
-rw-r--r--
cve-2016-0728.meta
209
B
-rw-r--r--
cve-2016-0728.stp
2.56
KB
-rw-r--r--
cve-2016-5195.meta
209
B
-rw-r--r--
cve-2016-5195.stp
371
B
-rw-r--r--
cve-2017-6074.meta
209
B
-rw-r--r--
cve-2017-6074.stp
264
B
-rw-r--r--
cve-2018-14634.meta
212
B
-rw-r--r--
cve-2018-14634.stp
1.16
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : cve-2015-0235.stp
#!/usr/bin/stap -g global added% global trap = 1 /* stap -G trap=0 to only trace, not fix */ /* CVE-2015-0235 "ghostbuster" band-aid Works by incrementing the size_needed variable set around line 86 of glibc nss/digits_dots.c, so as to account for the missing sizeof (*h_alias_ptr). This makes the subsequent comparisons work and return error codes for buffer-overflow situations. GLIBC DWARF debuginfo is needed, because we insert a statement probe just after the initial assignment. stap -g (guru mode) is needed because we're modifying state. 85 86 size_needed = (sizeof (*host_addr) 87 + sizeof (*h_addr_ptrs) + strlen (name) + 1); 88 89 if (buffer_size == NULL) 90 { 91 if (buflen < size_needed) 92 { 93 if (h_errnop != NULL) 94 *h_errnop = TRY_AGAIN; 95 __set_errno (ERANGE); 96 goto done; 97 } 98 } 99 else if (buffer_size != NULL && *buffer_size < size_needed) 100 { 101 char *new_buf; 102 *buffer_size = size_needed; 103 new_buf = (char *) realloc (*buffer, *buffer_size); */ probe process("/lib*/libc.so.6") /* Adjust wildcard for your distro. */ .statement("__nss_hostname_digits_dots@*:87-102") /* We use a range here because optimized glibc may only have a few clear-cut PC-ranges for statements. This particular line range is unusually reliable, because the digits_dots.c file has seen very little change in glibc, up until the CVE bug fix. We use the added[] array to make sure we only increment once per thread per function invocation. */ { if (! added[tid()]) { added[tid()] = 1; # we only want to add once printf("%s[%d] BOO! size_needed=%d ", execname(), tid(), $size_needed) if (trap) { /* The &@cast() business is a fancy sizeof(uintptr_t), which makes this script work for both 32- and 64-bit glibc's. */ $size_needed = $size_needed + &@cast(0, "uintptr_t")[1] printf("ghostbusted to %d", $size_needed) } printf("\n") } } probe process("/lib*/libc.so.6").function("__nss_hostname_digits_dots").return { delete added[tid()] }
Close
