Vulnerability Development mailing list archives
Re: development of wordpad exploit
From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Sat, 20 Nov 1999 02:40:38 -0800
On Fri, Nov 19, 1999 at 10:29:36PM -0500, Witold Chrabaszcz wrote:
This does indeed seem to have generated a lot of interest. I guess this is a good indication that at least some of us on this list, despite having a decent background in programming and a fair understanding of various security issues are in the dark as to how various bugs/oversights are exploited. This includes me as well.
I would suggest a few places to begin reading; I can't say "it worked for me" since I have never programmed an overflow exploit myself. However, within the last week or so, someone posted onto bugtraq and explanation how to code exploits for the Alpha CPU. Of course, it won't help much directly, but the flavor is there, and some of the information will work nicely. I seem to recall some overflow exploiting being done by the guy that cracked the hackpcweek.com linux box -- he wrote a very nice article detailing what steps he took, though he might not have actually overflowed anything. Good reading all the same. Also, Aleph1 wrote a nice piece entitled "smashing the stack for fun and profit" if I recall correctly... I think it appeared in a past issue of phrack (53?) and is likely available in the library on securityfocus.com. I hope these lowly pointers are enough to get some of you started. :) -- Seth Arnold | http://www.willamette.edu/~sarnold/ Hate spam? See http://maps.vix.com/rbl/ for help Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
Current thread:
- Re: development of wordpad exploit, (continued)
- Re: development of wordpad exploit Taneli Huuskonen (Nov 19)
- Re: development of wordpad exploit Jason Paulson (Nov 19)
- Re: development of wordpad exploit Riley, Steven (Nov 19)
- Re: development of wordpad exploit Thomas Dullien (Nov 19)
- Re: development of wordpad exploit Harlan Carvey (Nov 19)
- Re: development of wordpad exploit Vanna P. Rella (Nov 19)
- Re: development of wordpad exploit Witold Chrabaszcz (Nov 19)
- Re: development of wordpad exploit Blue Boar (Nov 19)
- Re: development of wordpad exploit Rodrick Brown (Nov 19)
- [Fwd: INZIDER!] Blue Boar (Nov 19)
- Re: development of wordpad exploit Seth R Arnold (Nov 20)
- Re: development of wordpad exploit Witold Chrabaszcz (Nov 19)
- Re: development of wordpad exploit Aubrey Smith (Nov 20)
- Re: development of wordpad exploit Thomas Dullien (Nov 20)
- Re: development of wordpad exploit Dave Harvill (Nov 20)
- Re: development of wordpad exploit Pauli Ojanpera (Nov 21)
- Re: development of wordpad exploit Thomas Dullien (Nov 22)