Vulnerability Development mailing list archives
Re: Solaris sparc newbie exploit coding misc questions
From: Valdis.Kletnieks () vt edu
Date: Fri, 14 Oct 2005 15:40:34 -0400
On Wed, 12 Oct 2005 13:36:46 MDT, ework0 said:
> 2. Shellcode on Solaris sparc: In some documentation, it says we always should include setreuid() because /bin/sh always checks for this, but I have seen some exploit code with a simple /bin/sh execve call.
Not all /bin/sh bother checking. If you're low on space to fit an exploit, the setreuid() call *may* be one you can trim out and save some bytes. It's system-dependent anyhow, and if you don't know how to check if you need it on the system you're targeting the exploit, you don't have any business trying to write an exploit. ;)
> 3. What exactly is the term 'padding' in exploit coding? My English is very basic and the translation to my language doesn't help much.
Let's say you're shipping something valuable that's 30cm wide, and your box is 35cm wide. So you put 5 cm of something nice and soft (padding) around the valuable so there's no wasted space. Similarly, if you have an 87-byte long exploit, and you also need to overlay something that's 96 bytes away in memory (a pointer, perhaps), you will need to stick in 9 bytes that don't do anything except keep the thing that needs to be 96 bytes away from crowding right up against that 87-byte exploit and ending up 9 bytes too low in memory....
> I think that is more than enough, thanks for your kind help to any of these questions,