|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] PWCK Overflow POC Code Redhat/Suse older versions or something (maybe later too)
Valdis.Kletnieks
vt.edu
Date: Mon May 09 2005 - 13:11:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, 09 May 2005 10:09:59 PDT, Day Jay said:
> We all saw how short the code was I had for that pwck
> buffer overflow exploit. He also hardcodes the stack
> pointer, hahah.
Note that there's absolutely nothing wrong with hardcoding the
stack pointer when the ABI makes it impossible for it to have
any other value. And if you actually knew C well enough to read
the code, you'd see:
/*------------------------------------------------------------------------
* "Addr" is the predicted address where the shellcode starts in the
* environment buffer. This was determined empirically based on a test
* program that ran similarly, and it ought to be fairly consistent.
* This can be changed with the "-a" parameter.
*/
static long addr = 0x7ffffc04;
So there's a default value, and a documented -a switch to change it if needed.
Compare and contrast this with:
offset = 1700; //the offset I first found worked
Who's doing the hardcoding here? Steve or the guy who's code you ripped off?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFCf6ftcC3lWbTT17ARAi8nAJsH4+45mxPYFuDOFSqa3LlKAKPoaACdFx9k
fMrOwOfmhmrz5SffjKMt8ws=
=kJUk
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]