lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon May  9 19:22:52 2005
From: d4yj4y at yahoo.com (Day Jay)
Subject: PWCK Overflow POC Code Redhat/Suse older
	versions or something (maybe later too) 

Jesus H. Christ!

I never "claimed" to be a master at c coding or being
the greatest like this guy did and he *still*
hardcoded his shit and he's probably still mad.

My code was short and sweet and worked, and it just
demonstrated the bug. I never claimed to be a master
c-coder. In fact, I never claim/ed to know how to code
at all and people keep insisting I'm so good. :p

Everyone so far has gone off topic about the original
message which was the POC code about the PWCK program
that was flawed and then everyone decided to go dick
waving for NO REASON. Maybe it's because you guys
aren't getting laid or your anal adventures have had
some downtime, who knows. So, my code works, and if
people want to claim to be so good, go ahead-show us
something though and stop talking and thinking you are
so good.


d.
"Whitehats have the tendency to be scared/unable to
apply black arts and instead clasp their theories and
what ifs still never knowing what it was like to hack"


--- Valdis.Kletnieks@...edu wrote:

> On Mon, 09 May 2005 10:09:59 PDT, Day Jay said:
> > We all saw how short the code was I had for that
> pwck
> > buffer overflow exploit. He also hardcodes the
> stack
> > pointer, hahah.
> 
> Note that there's absolutely nothing wrong with
> hardcoding the
> stack pointer when the ABI makes it impossible for
> it to have
> any other value.  And if you actually knew C well
> enough to read
> the code, you'd see:
> 
>
/*------------------------------------------------------------------------
>  * "Addr" is the predicted address where the
> shellcode starts in the
>  * environment buffer. This was determined
> empirically based on a test
>  * program that ran similarly, and it ought to be
> fairly consistent.
>  * This can be changed with the "-a" parameter.
>  */
> static long	addr = 0x7ffffc04;
> 
> So there's a default value, and a documented -a
> switch to change it if needed.
> 
> Compare and contrast this with:
> 
>   offset = 1700; //the offset I first found worked
> 
> Who's doing the hardcoding here? Steve or the guy
> who's code you ripped off?
> 



	
		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we. 
http://promotions.yahoo.com/new_mail

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ