Dailydave mailing list archives
Re: DSU
From: TINNES Julien RD-MAPS-ISS <julien.tinnes () francetelecom com>
Date: Wed, 12 Jul 2006 16:03:39 +0200
H D Moore wrote:
Is Immunity using the cron.d technique for getting execution? I really like how the RS-Labs folks did it: http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c
This is the way I wrote it too: http://cr0.org/bordel/prctlpute.c (now that there is a public exploit anyway, no harm done..) It's lucky from an attacker point of view that crontab handles parse errors so nicely.. I wonder if someone came up with another idea. There are other "execute everything here" directories in most distributions but most of them are handled by bash which won't execute strings in a core. -- Julien TINNES - & france telecom - R&D Division/MAPS/NSS Research Engineer - Internet/Intranet Security GPG: C050 EF1A 2919 FD87 57C4 DEDD E778 A9F0 14B9 C7D6 _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- DSU Dave Aitel (Jul 11)
- Re: DSU TINNES Julien RD-MAPS-ISS (Jul 12)