lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: dunceor at gmail.com (Dunceor .) Subject: basic exploit coding on solaris sparc Here is a few texts that might help you. http://community.core-sdi.com/~juliano/thc3-en.txt http://community.core-sdi.com/~juliano/mudge-bof.pdf http://community.core-sdi.com/~juliano/dlsparc.zip Visit http://community.core-sdi.com/~juliano/ for more information of vuln coding. / Dunceor On Wed, 20 Oct 2004 23:16:42 -0600, Fabio <fabio@...arium.com> wrote: > Hi. > > I am trying to learn Solaris Sparc assembly and how exploits works on > this architecture. I have a setuid root binary that has the following bug: > > #include <sys/stat.h> > #include <stdio.h> > #include <string.h> > #include <stdlib.h> > > main(int argc,char *argv[]) > { > char buffer[40]; > char buffarg[20]; > char *mailpath; > strcpy(buffer,"/var/mail/"); > if (argc == 2) > { > strcpy(buffarg,argv[1]); > mailpath=strcat(buffer,buffarg); > printf("\nRemoving: %s\n",mailpath); > if(!unlink(mailpath)) > { > printf("Mailbox: %s delete\n\n", mailpath); > > } > } > } > > I found this shellcode (120 bytes long) > > http://shellcode.org/Shellcode/Solaris/solaris-sparc-shellcode.html > > the behavoir is the following: > > nietzsche% ./b `perl -e 'print "A" x 1000'` > Segmentation fault (core dumped) > nietzsche% ./b `perl -e 'print "A" x 24'` > Segmentation fault (core dumped) > > The less value without core dump is 23. > > I am interested in code a exploit that execute a root shell, on > 'smashing the stack' article they refer to Linux and x86, so I cant see > information about sparc and register windowing. > > Anyone can help me to reproduce a exploit for the sample provided? > > Thanks in advance. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists