lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3EFB6214.3030005@terra.com.br>
Date: Thu, 26 Jun 2003 19:13:56 -0200
From: Lucas <lgates@...ra.com.br>
To: bugtraq@...urityfocus.com
Subject: hello-exploit.c

Hello ppl!! This is my debut on bugtraq!!
A few days ago someone posted a vulnerability in securecode.c (from 
Tidbit^H^H^HTripBit) ...
Anyway I decided to code the exploit  for learning purposes... (this is 
my first exploit!!) Have fun!!

(note: you can't take over the world with this exploit....)
(Another note: I couldn't overwrite eip with the first strcpy... but I 
could overwrite eax.... :\
    I would really enjoy it if someone explained that to me!)

./securecode -s `perl -e 'print "A"x"2000"'`

gives me the following registers:

Program received signal SIGSEGV, Segmentation fault.
0x080485e5 in main ()
(gdb) info reg
eax            0x41414141       1094795585
ecx            0x40154360       1075135328
edx            0x5050504        84215044
ebx            0x40155f50       1075142480
esp            0xbfffec50       0xbfffec50
ebp            0xbffff068       0xbffff068
esi            0x40012780       1073817472
edi            0xbffff0b4       -1073745740
eip            0x80485e5        0x80485e5
eflags         0x210286 2163334
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x0      0
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
mxcsr          0x1f80   8064
orig_eax       0xffffffff       -1

Thank you for your help!!



In Memory of PoD   (not the band or whatever)

PS: Sorry... I put TidBit instead of TripBit   (man... I prolly offended 
someone!!)

View attachment "hello-xp.c" of type "text/plain" (2732 bytes)

View attachment "securecode.c" of type "text/plain" (6999 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ