Full Disclosure mailing list archives
Re: PWCK Overflow POC Code Redhat/Suse older versions or something (maybe later too)
From: Day Jay <d4yj4y () yahoo com>
Date: Tue, 10 May 2005 14:21:49 -0700 (PDT)
I'm sorry for being such a bastard. After looking more into this guy's site, it looks pretty sweet.

d.

--- Day Jay <d4yj4y () yahoo com> wrote:

> Jesus H. Christ! I never "claimed" to be a master at C coding or being the greatest like this guy did, and he *still* hardcoded his shit and he's probably still mad. My code was short and sweet and worked, and it just demonstrated the bug. I never claimed to be a master C coder. In fact, I never claim/ed to know how to code at all, and people keep insisting I'm so good. :p
>
> Everyone so far has gone off topic about the original message, which was the POC code about the PWCK program that was flawed, and then everyone decided to go dick waving for NO REASON. Maybe it's because you guys aren't getting laid or your anal adventures have had some downtime, who knows.
>
> So, my code works, and if people want to claim to be so good, go ahead, show us something though and stop talking and thinking you are so good.
>
> d.
>
> "Whitehats have the tendency to be scared/unable to apply black arts and instead clasp their theories and what ifs still never knowing what it was like to hack"
>
> --- Valdis.Kletnieks () vt edu wrote:
>
> > On Mon, 09 May 2005 10:09:59 PDT, Day Jay said:
> >
> > > We all saw how short the code was I had for that pwck buffer overflow exploit. He also hardcodes the stack pointer, hahah.
> >
> > Note that there's absolutely nothing wrong with hardcoding the stack pointer when the ABI makes it impossible for it to have any other value. And if you actually knew C well enough to read the code, you'd see:
> >
> > /*------------------------------------------------------------------------
> >  * "Addr" is the predicted address where the shellcode starts in the
> >  * environment buffer. This was determined empirically based on a test
> >  * program that ran similarly, and it ought to be fairly consistent.
> >  * This can be changed with the "-a" parameter.
> >  */
> > static long addr = 0x7ffffc04;
> >
> > So there's a default value, and a documented -a switch to change it if needed. Compare and contrast this with:
> >
> > offset = 1700; //the offset I first found worked
> >
> > Who's doing the hardcoding here? Steve or the guy whose code you ripped off?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/