[Dailydave] 0day alert...
From: Dave Aitel (dave at immunitysec.com)
Date: Tue Mar 23 2004 - 12:43:58 CST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The files listed at http://www.wiley.com/legacy/compbooks/koziol/ contain:
1. CANVAS's old win32 shellcode (we're much cooler now) - still good
to read through if you want to see how a real exploit works around bugs
in kernel32.dll. It's heavily documented as well, and it's interesting
to see the differences between how I did this and how LSD and a few
others have done this sort of thing.
2. A spike script from back in the day that crashes dtlogin due to a
double-free (this is the CDE bug I mentioned a short time ago).
dtlogin is remotely exploitable by default on, say, Solaris. I might
release an advisory sometime next week if I have time to write it up.
I would still recommend buying the book, since you get to go through
my process on how I found it in the first place, which is a lot more
valuable than one double free against Solaris, Irix, Tru64, etc.
I believe Sinan Eren's Solaris and OpenBSD kernel exploits are also in
the package, along with his Tru64 ttdb remote. I also see some
database exploits for Oracle and DB2 sitting in the package...
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAYIVuzOrqAtg8JS8RAmH+AJ9j1TviAxdWuWB8WpL5kjcN40isOgCePUMO
tcQshRbobvvTX6vyTemgyOQ=
=o+VZ
-----END PGP SIGNATURE-----