Full Disclosure mailing list archives
Re: "Fire and forget" exploits?
From: endrazine <endrazine () gmail com>
Date: Fri, 20 Oct 2006 17:52:28 +0200
Hi, Brendan Dolan-Gavitt wrote:
> Hi, I'm looking for examples of (remote) security vulnerabilities whose exploitation involves no guesswork--eg, no bruteforcing the return address, or altering your exploit based on the server's response, etc.
I guess you're thinking about _remote_ exploitation? You don't have to guess anything for a local bo, for instance.. Anyway:
> It seems like this kind of exploit is dying out, particularly as different flavors of Linux proliferate, each with their own slightly
Target the kernel? Use linux-gate.so? Portability of your exploit will greatly depend on how you choose to exploit the vulnerability, since it's quite common to have to choose between several exploitation scenarios..
> different libc and userland; in the Windows world, however, we still find "universal" exploits that work on NT4/2k/XP over a variety of service packs.
The language also affects some pointers. Anyway, if you need, let's say, a jmp esp, you can try to choose one location in memory that contains this opcode for several SP/languages. But I don't think you can prove any exploit will be universal... (can you? ;)
> Anyways, if anyone has come across things like this, I'd greatly appreciate hearing about it. I'm working on some new methods to deliver exploits at once while minimizing recon. Thanks, Brendan Dolan-Gavitt
Cheers, endrazine
Current thread:
- "Fire and forget" exploits? Brendan Dolan-Gavitt (Oct 20)
- Re: "Fire and forget" exploits? endrazine (Oct 20)
- Re: "Fire and forget" exploits? Bruce Ediger (Oct 20)
- Re: "Fire and forget" exploits? Marcus Meissner (Oct 20)
- Re: "Fire and forget" exploits? Nick FitzGerald (Oct 20)