From: Brian Parris (brian.parris VERIZON.NET)
Date: Sun Apr 01 2001 - 12:52:53 CDT
I keep trying all these exploits posted on the list on my webserver with no
success, they all say "bug exploited successfully" but don't give root, am I
doing something wrong?
Brian Parris
brian.parris verizon.net
----- Original Message -----
From: "Tim Yardley" <yardley UIUC.EDU>
To: <BUGTRAQ SECURITYFOCUS.COM>
Sent: Saturday, March 31, 2001 9:12 PM
Subject: .. ptrace improvement
> As always, there are always ways to improve things. This version of the
> exploit posted here previously overwrites the dl _start routine and doesn't
> modify eip. This will help on stack non-exec systems and doesn't require
> you to calculate the bss offset. I didn't test it, but this should still
> work on a stackguard compiled program as well.
>
> your mileage may vary, and this will still suffer from the disk cache issue
> (speed becoming a paramount concern). the recent post by "Ihq" where his
> exploit created a big file, is one way to fill out the cache so that the
> suid binary is not in the cache. manual methods are just as easy.
>
> rsh, gpasswd, passwd, etc etc are all common choices for hitting. anything
> will work.
>
> more details lay within the code. enjoy.
>
> /tmy
> --------------------------------------------------------------------------------
>
> -- Diving into infinity my consciousness expands in inverse
> proportion to my distance from singularity
>
> +-------- ------- ------ ----- ---- --- -- --- ------ ------- -------- - --------------+
> | Tim Yardley (yardley uiuc.edu)
> | http://www.students.uiuc.edu/~yardley/
> +-------- ------- ------ ----- ---- --- -- --- ------ ------- -------- - --------------+