Dailydave mailing list archives

Re: DSU

From: TINNES Julien RD-MAPS-ISS <julien.tinnes () francetelecom com>
Date: Wed, 12 Jul 2006 16:03:39 +0200

H D Moore wrote:

Is Immunity using the cron.d technique for getting execution? I really 
like how the RS-Labs folks did it:

http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c


This is the way I wrote it too:

http://cr0.org/bordel/prctlpute.c (now that there is a public exploit
anyway, no harm done..)

It's lucky from an attacker point of view that crontab handles parse
errors so nicely..

I wonder if someone came up with another idea. There are other "execute
everything here" directories in most distributions but most of them are
handled by bash which won't execute strings in a core.

-- 
Julien TINNES - & france telecom - R&D Division/MAPS/NSS
Research Engineer - Internet/Intranet Security
GPG: C050 EF1A 2919 FD87 57C4 DEDD E778 A9F0 14B9 C7D6
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

DSU Dave Aitel (Jul 11)
- Re: DSU pageexec (Jul 11)
  - Re: DSU Florian Weimer (Jul 12)
    - Re: DSU pageexec (Jul 12)
    - Re: DSU Florian Weimer (Jul 12)
    - Re: DSU pageexec (Jul 12)
    - Re: DSU TINNES Julien RD-MAPS-ISS (Jul 12)
- Re: DSU H D Moore (Jul 12)
  - Re: DSU TINNES Julien RD-MAPS-ISS (Jul 12)
- <Possible follow-ups>
- Re: DSU Rodrigo Rubira Branco (BSDaemon) (Jul 12)
- Re: DSU Steven M. Christey (Jul 26)