Metasploit mailing list archives

Solaris/SPARC vulnerable code study


From: jerome.athias at free.fr (Jerome ATHIAS)
Date: Thu, 3 Mar 2005 10:23:06 +0100

Hi,

not directly related to the framework, sorry.
But interesting.



$Id: README,v 1.2 2005/03/02 20:59:13 raptor Exp $

solaris-sparc-exploits.tgz - exploitation under solaris/sparc
Copyright (c) 2003-2005 Marco Ivaldi <raptor AT 0xdeadbeef DOT info>

Package contents:
.
./CREDITS                 information about the authors
./README                  this file

./getenv
./getenv/getenv1-ex.c     getenv1.c exploit #1 (env-based overflow)
./getenv/getenv1-ex2.c    getenv1.c exploit #2 (env-based overflow)
./getenv/getenv1-ex3.c    getenv1.c exploit #3 (ret-into-envp technique)
./getenv/getenv1-ex4.c    getenv1.c exploit #4 (ret-into-libc technique)
./getenv/getenv1.c        getenv1.c vulnerable code

./heap
./heap/heap1-ex.c         heap1.c exploit #1 (heap-based, thr_jmp_table)
./heap/heap1-ex2.c        heap1.c exploit #2 (heap-based, ti_jmp_table)
./heap/heap1-ex3.c        heap1.c exploit #3 (heap-based, static_mem)
./heap/heap1-ex4.c        heap1.c exploit #4 (heap-based, automagical)
./heap/heap1.c            heap1.c vulnerable code

./retlibc
./retlibc/retlibc1-ex.c   retlibc1.c exploit #1 (return to execl())
./retlibc/retlibc1-ex2.c  retlibc1.c exploit #2 (return to system())
./retlibc/retlibc1-ex3.c  retlibc1.c exploit #3 (return to strcpy())
./retlibc/retlibc1-ex4.c  retlibc1.c exploit #4 (return to strcpy())
./retlibc/retlibc1-ex5.c  retlibc1.c exploit #5 (return to strdup())
./retlibc/retlibc1-ex6.c  retlibc1.c exploit #6 (chained ret-into-libc)
./retlibc/retlibc1.c      retlibc1.c vulnerable code

./stack
./stack/stack1-ex.c       stack1.c exploit #1 (classic stack overflow)
./stack/stack1-ex2.c      stack1.c exploit #2 (classic stack overflow)
./stack/stack1-ex3.c      stack1.c exploit #3 (ret-into-envp technique)
./stack/stack1-ex4.c      stack1.c exploit #4 (ret-into-envp technique)
./stack/stack1.c          stack1.c vulnerable code

./static
./static/static1-ex.c     static1.c exploit #1 (static .data overflow)
./static/static1.c        static1.c vulnerable code


http://www.0xdeadbeef.info/code/solaris-sparc-exploits.tgz

Have a good one, Jerome.