Re: Why SUID Binary exploit does not yield root shell?
From: tony@777h.org
Date: 03/09/03
- In reply to: Kryptik Logik: "Why SUID Binary exploit does not yield root shell?"
Date: Sun, 9 Mar 2003 15:34:27 -0500
From: tony@777h.org
To: Kryptik Logik <kryptiklogik@hushmail.com>
Check out your system logs. When I wrote an exploit for vpnclient under
Gentoo Linux, PAM was catching the exploit.
For the workaround I used, check the exploit out:
http://sec.angrypacket.com/exploits/vpnKILLient.c
On Sat, Mar 08, 2003 at 08:40:17PM -0000, Kryptik Logik wrote:
>
>
> Folks:
>
> I've managed to find a buffer overflow and exploit it to execve a /bin/sh
> using my payload shellcode. However, whenever I run my exploit, I do get a
> shell but just that it is an ordinary shell under my account (as id would
> indicate).
>
> The binary that I've exploited has the suid bit set so theoretically shouldn't
> it create a root shell? I've tested my exploit on a small sample
> vulnerable program that I wrote with the exact same permissions as the
> binary in the system and I could get a root shell!
>
> What is the magic here (if any)?
>
> Thankx in advance,
>
> # klogik
-- + Cannot find nsabackdoor.dll. Please reinstall Windows.