Full Disclosure mailing list archives
Re: PWCK Overflow POC Code Redhat/Suse older versions or something (maybe later too)
From: Valdis.Kletnieks () vt edu
Date: Mon, 09 May 2005 14:11:57 -0400
On Mon, 09 May 2005 10:09:59 PDT, Day Jay said:
> We all saw how short the code was I had for that pwck buffer overflow exploit. He also hardcodes the stack pointer, hahah.
Note that there's absolutely nothing wrong with hardcoding the stack pointer when the ABI makes it impossible for it to have any other value. And if you actually knew C well enough to read the code, you'd see:

    /*------------------------------------------------------------------------
     * "Addr" is the predicted address where the shellcode starts in the
     * environment buffer. This was determined empirically based on a test
     * program that ran similarly, and it ought to be fairly consistent.
     * This can be changed with the "-a" parameter.
     */
    static long addr = 0x7ffffc04;

So there's a default value, and a documented -a switch to change it if needed. Compare and contrast this with:

    offset = 1700; //the offset I first found worked

Who's doing the hardcoding here? Steve or the guy whose code you ripped off?