From c9cbeced5b3f2bdd7407e29c0811e65954132540 Mon Sep 17 00:00:00 2001
From: Root THC
Date: Tue, 24 Feb 2026 12:42:47 +0000
Subject: initial

---
 exploits/7350wurm/shellcode/pt/Makefile  |   8 ++++++
 exploits/7350wurm/shellcode/pt/README    |   6 +++++
 exploits/7350wurm/shellcode/pt/rptrace.c |  42 +++++++++++++++++++++++++++++++
 exploits/7350wurm/shellcode/pt/rptrace.o | Bin 0 -> 1456 bytes
 exploits/7350wurm/shellcode/pt/x.tar.gz  | Bin 0 -> 800 bytes
 5 files changed, 56 insertions(+)
 create mode 100644 exploits/7350wurm/shellcode/pt/Makefile
 create mode 100644 exploits/7350wurm/shellcode/pt/README
 create mode 100644 exploits/7350wurm/shellcode/pt/rptrace.c
 create mode 100644 exploits/7350wurm/shellcode/pt/rptrace.o
 create mode 100644 exploits/7350wurm/shellcode/pt/x.tar.gz

(limited to 'exploits/7350wurm/shellcode/pt')

diff --git a/exploits/7350wurm/shellcode/pt/Makefile b/exploits/7350wurm/shellcode/pt/Makefile
new file mode 100644
index 0000000..e5e1fd5
--- /dev/null
+++ b/exploits/7350wurm/shellcode/pt/Makefile
@@ -0,0 +1,8 @@
+
+all:	rptrace.c
+	rm -f rptrace.o
+	gcc -c -I/usr/src/linux/include -O2 -Wall rptrace.c -o rptrace.o
+
+clean:
+	rm -f rptrace.o
+
diff --git a/exploits/7350wurm/shellcode/pt/README b/exploits/7350wurm/shellcode/pt/README
new file mode 100644
index 0000000..0139382
--- /dev/null
+++ b/exploits/7350wurm/shellcode/pt/README
@@ -0,0 +1,6 @@
+This is a *simple* HACK to get around the ptrace/exec security problem
+in linux <2.2.19. It simply disables ptrace for everyone except root.
+Just make, and insmod the .o .. and your uptime will be preserved! :P
+
+-MadCamel (madcamel@energymech.net)
+
diff --git a/exploits/7350wurm/shellcode/pt/rptrace.c b/exploits/7350wurm/shellcode/pt/rptrace.c
new file mode 100644
index 0000000..f7de48b
--- /dev/null
+++ b/exploits/7350wurm/shellcode/pt/rptrace.c
@@ -0,0 +1,42 @@
+#define MODULE
+#define __KERNEL__
+#include <linux/module.h> 
+#include <linux/kernel.h>
+#include <sys/syscall.h>
+#include <linux/smp_lock.h>
+#include <linux/capability.h>  
+
+struct task_struct *init_hook = NULL;
+extern void *sys_call_table[];
+
+int (*o_ptrace)(int, int, int, int);
+
+int n_ptrace(int req, int pid, int addr, int data)
+{
+	int r;
+	
+	r = o_ptrace(req, pid, addr, data);
+	printk ("PTRACE (%08x, %08x, %08x, %08x) = %08x\n", req, pid, addr, data, r);
+	return (r);
+}
+
+#define REPLACE(x) o_##x = sys_call_table[__NR_##x];\
+			sys_call_table[__NR_##x] = n_##x
+int init_module(void)
+{
+	lock_kernel();
+	EXPORT_NO_SYMBOLS;
+	REPLACE(ptrace);
+	unlock_kernel();
+	return(0);
+}
+
+#define RESTORE(x) sys_call_table[__NR_##x] = o_##x
+int cleanup_module(void)
+{
+	lock_kernel();
+	RESTORE(ptrace);
+	unlock_kernel();
+	return(0);
+}
+
diff --git a/exploits/7350wurm/shellcode/pt/rptrace.o b/exploits/7350wurm/shellcode/pt/rptrace.o
new file mode 100644
index 0000000..dd3bc56
Binary files /dev/null and b/exploits/7350wurm/shellcode/pt/rptrace.o differ
diff --git a/exploits/7350wurm/shellcode/pt/x.tar.gz b/exploits/7350wurm/shellcode/pt/x.tar.gz
new file mode 100644
index 0000000..06ba614
Binary files /dev/null and b/exploits/7350wurm/shellcode/pt/x.tar.gz differ
-- 
cgit v1.3