Vulnerability Development mailing list archives
CSR: challenge update...
From: Steven Hill <steve () covertsystems org>
Date: Sat, 23 Jul 2005 23:49:39 +1000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ***Exploitation Challenge*** Submissions for the CSR challenge have trickled in, one by one. With some submissions containing a satisfactory exploit that meet the demands for successful exploitation of csr-inject_v1.tgz ... It appears that a random address based stack still makes it difficult to exploit a particular application... though, brute forcing seems to be a possible solution... Presented here is the most viable exploit so far gathered by CSR during this current challenge... the author "Maverick" takes credit for this released exploit... To help preserve file formatting, please wget the exploit from: http://www.covertsystems.org/challenges/exp41.c Regards, Steven Hill aka: SolarIce - -- ---=[ Covertsystems Research ]=------------------------------// = www.covertsystems.org - = Exploitation Research & Development - = Specializing in UNIX/Linux Systems - --------------------------------------------=[ SolarIce ]=---// --The more one reads & learns, the less the other person knows. The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is expressly prohibited and may be unlawful. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC4kryOUBnGgmaNvcRAmFrAJ9DEiWldV0H1qAhYGZ/TTu/fb1tnQCfapWS JPVFQn9Co5RuE//7I1KbApc= =A5J9 -----END PGP SIGNATURE-----
Current thread:
- CSR: challenge update... Steven Hill (Jul 25)