Metasploit mailing list archives
Solaris/SPARC vulnerable code study
From: jerome.athias at free.fr (Jerome ATHIAS)
Date: Thu, 3 Mar 2005 10:23:06 +0100
Hi, not directly related to the framework, sorry. But interesting.

$Id: README,v 1.2 2005/03/02 20:59:13 raptor Exp $

solaris-sparc-exploits.tgz - exploitation under solaris/sparc
Copyright (c) 2003-2005 Marco Ivaldi <raptor AT 0xdeadbeef DOT info>

Package contents:

.
./CREDITS                   information about the authors
./README                    this file
./getenv
./getenv/getenv1-ex.c       getenv1.c exploit #1 (env-based overflow)
./getenv/getenv1-ex2.c      getenv1.c exploit #2 (env-based overflow)
./getenv/getenv1-ex3.c      getenv1.c exploit #3 (ret-into-envp technique)
./getenv/getenv1-ex4.c      getenv1.c exploit #4 (ret-into-libc technique)
./getenv/getenv1.c          getenv1.c vulnerable code
./heap
./heap/heap1-ex.c           heap1.c exploit #1 (heap-based, thr_jmp_table)
./heap/heap1-ex2.c          heap1.c exploit #2 (heap-based, ti_jmp_table)
./heap/heap1-ex3.c          heap1.c exploit #3 (heap-based, static_mem)
./heap/heap1-ex4.c          heap1.c exploit #4 (heap-based, automagical)
./heap/heap1.c              heap1.c vulnerable code
./retlibc
./retlibc/retlibc1-ex.c     retlibc1.c exploit #1 (return to execl())
./retlibc/retlibc1-ex2.c    retlibc1.c exploit #2 (return to system())
./retlibc/retlibc1-ex3.c    retlibc1.c exploit #3 (return to strcpy())
./retlibc/retlibc1-ex4.c    retlibc1.c exploit #4 (return to strcpy())
./retlibc/retlibc1-ex5.c    retlibc1.c exploit #5 (return to strdup())
./retlibc/retlibc1-ex6.c    retlibc1.c exploit #6 (chained ret-into-libc)
./retlibc/retlibc1.c        retlibc1.c vulnerable code
./stack
./stack/stack1-ex.c         stack1.c exploit #1 (classic stack overflow)
./stack/stack1-ex2.c        stack1.c exploit #2 (classic stack overflow)
./stack/stack1-ex3.c        stack1.c exploit #3 (ret-into-envp technique)
./stack/stack1-ex4.c        stack1.c exploit #4 (ret-into-envp technique)
./stack/stack1.c            stack1.c vulnerable code
./static
./static/static1-ex.c       static1.c exploit #1 (static .data overflow)
./static/static1.c          static1.c vulnerable code

http://www.0xdeadbeef.info/code/solaris-sparc-exploits.tgz

Have a good one,
Jerome.