Vulnerability Development mailing list archives

Re: buffer overflows encapsulation


From: Robert van der Meulen <rvdm () CISTRON NL>
Date: Tue, 23 Jan 2001 19:23:40 +0100

Hi.

Quoting gregory duchemin (c3rb3r () HOTMAIL COM):
> encapsulating buffer overflow.  I mean an eggshell to exploit, for
> instance, a low privilege user like nobody through a usual vulnerable cgi
> but this eggshell would be crafted to locally exploit another buffer
> overflow in the way this time to get root.
Maybe I'm not understanding you here.
Why would you want to do that? If you can exploit the first hole, you can
do the second one from a shell.
I guess it would be possible to have your first overflow exec the second
vulnerable program instead of /bin/sh - but you would have to add your
2nd-stage buffer overflow code into the execve code in the buffer you're
using to exploit the first one.

AFAIK this is useless; a lot of extra work to automate what you can do
faster by hand (apart from that, an exploit like that wouldn't prove
anything, just that you can do a two-stage exploit by exploiting one program
first, and having the exploit exploit a second one automatically).

Greets,
        Robert

--
                              Linux Generation
             Never trust a child farther than you can throw it.
