Vulnerability Development mailing list archives
Re: [Vuln-dev Challenge] Challenge #2
From: spacewalker <spacewalker () 0xbadc0de be>
Date: Sat, 24 May 2003 13:11:13 +0200
0wn3d. Ret into libc exploitation, no setuid() stuff, quite simple in
fact.
The challenge would have been interesting if the fopen() wasn't "a" but
create and write from beginning.
$ ./exploit
Using system address 0x4005f531
And overwriting printf got at 0x0804971c starting by 0x08049713
sh-2.05b$ exit
exit
Segmentation fault
default offset is 5 (could vary).
spacewalker
/* Say NO to target[n] exploits ! */
Attachment:
exploit.c
Description:
Current thread:
- [Vuln-dev Challenge] Challenge #2 Dave McKinney (May 23)
- Re: [Vuln-dev Challenge] Challenge #2 Thomas Cannon (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 (SPOILER) Joel Eriksson (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 (SPOILER) Joel Eriksson (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 Jason_Royes (May 24)
- [Vuln-dev Challenge] nonexec stack&heap solution (encrypted) Jose Ronnick (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 anon (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 spacewalker (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 Jose Ronnick (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 Janus N. (May 24)
- Re: [Vuln-dev Challenge] Challenge #2 Diode Trnasistor (May 26)
- Re: [Vuln-dev Challenge] Challenge #2 Janus N. (May 26)
- Re: [Vuln-dev Challenge] Challenge #2 Robert Hogan (May 30)
- Re: [Vuln-dev Challenge] Challenge #2 Janus N. (May 30)
- Re: [Vuln-dev Challenge] Challenge #2 Diode Trnasistor (May 26)
- Gera's Insecure Programing abo7 sin (May 30)
- <Possible follow-ups>
- Re: [Vuln-dev Challenge] Challenge #2 D. (May 24)
- N00b questions :\ Diode Trnasistor (May 24)