Vulnerability Development mailing list archives

Re: XFree86 font.alias exploit hangup....


From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Sat, 28 Feb 2004 17:40:37 +0100 (CET)

On Fri, 27 Feb 2004 lazy () server gwsh gda pl wrote:

> On Sun, Feb 22, 2004 at 10:51:18AM -0000, Dev wrote:
> > My problem is that once I launch the exploit the X display appears momentarily & the keyboard locks up, so now I
> > can only access the box from the network & on a different shell.
> > Offsets etc. are all fine & an STRACE yields the following log which does indicate that the exploit was successful &
> > execve'd /bin//sh. But I am confused about the last few lines of the strace log.
> > Plz tell me as to whether my root shell has exited because of some error in the last few calls?
>
> It looks like X closes STDIN or it's unavailable because the text console is disabled,
> so you can't directly use execve. The text console
> is broken because X is interrupted during startup.
>
> Try this shellcode: it chmods 777 /bin/chmod. You can change the code below dzic:
> to start a bindshell, or try to exec /bin/sh with a delay (to let the sighandler do its job);
> maybe the sighandler will make STDIN/STDOUT useful again.

The trick is to force SIGSEGV on X to call its cleanup handlers.

You may also want to try my stdin re-open shellcode, available at:

http://www.0xdeadbeef.info/code/gets-linux.c

Cheers,

-- 
Marco Ivaldi
Antifork Research, Inc.   http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233  0394 EF85 2008 DBFD B707
