Re: [Dailydave] DSU

From: TINNES Julien RD-MAPS-ISS (julien.tinnesfrancetelecom.com)
Date: Wed Jul 12 2006 - 09:03:39 CDT


H D Moore wrote:
> Is Immunity using the cron.d technique for getting execution? I really
> like how the RS-Labs folks did it:
>
> http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c
>

This is the way I wrote it too:

http://cr0.org/bordel/prctlpute.c (now that there is a public exploit
anyway, no harm done..)

It's lucky from an attacker's point of view that crontab handles parse
errors so nicely..

I wonder if someone came up with another idea. There are other "execute
everything here" directories in most distributions but most of them are
handled by bash which won't execute strings in a core.

--
Julien TINNES - & france telecom - R&D Division/MAPS/NSS
Research Engineer - Internet/Intranet Security
GPG: C050 EF1A 2919 FD87 57C4 DEDD E778 A9F0 14B9 C7D6
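
A defensive check for the situation discussed in this message, where a core file ends up in a cron drop-in directory and cron tolerates the unparseable parts. This is an added example, not part of the original post: the function names are hypothetical, and the sample files are constructed in a temporary directory.

```python
import os
import struct
import tempfile

ET_CORE = 4  # e_type value for core files in the ELF specification


def is_elf_core(header: bytes) -> bool:
    """True if the bytes start with an ELF header whose e_type is ET_CORE."""
    if len(header) < 18 or header[:4] != b"\x7fELF":
        return False
    # EI_DATA (byte 5 of e_ident): 1 = little-endian, 2 = big-endian
    endian = {1: "<", 2: ">"}.get(header[5])
    if endian is None:
        return False
    (e_type,) = struct.unpack_from(endian + "H", header, 16)
    return e_type == ET_CORE


def scan_cron_dir(path: str) -> list:
    """Return (filename, reason) for entries that are not plain-text crontabs."""
    findings = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        with open(full, "rb") as fh:
            head = fh.read(4096)
        if is_elf_core(head):
            findings.append((name, "ELF core dump"))
        elif b"\x00" in head:
            findings.append((name, "binary content"))
    return findings


def demo() -> list:
    """Scan a constructed directory (sample data, not real system files)."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed 64-bit little-endian ELF header with e_type = ET_CORE
        core = (b"\x7fELF\x02\x01\x01" + b"\x00" * 9
                + struct.pack("<H", ET_CORE) + b"\x00" * 46)
        with open(os.path.join(d, "core.1234"), "wb") as fh:
            fh.write(core)
        with open(os.path.join(d, "logrotate"), "w") as fh:
            fh.write("0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf\n")
        return scan_cron_dir(d)


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

Pointing `scan_cron_dir` at `/etc/cron.d` runs the same check on a live system.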