Re: Why SUID Binary exploit does not yield root shell?

From: tony@777h.org
Date: 03/09/03

  • Next message: descript: "Win32hlp exploit for : ":LINK overflow""
    Date: Sun, 9 Mar 2003 15:34:27 -0500
    From: tony@777h.org
    To: Kryptik Logik <kryptiklogik@hushmail.com>
    
    

    Check out your system logs.. when i wrote an exploit for vpnclient under
    gentoo linux, PAM was catching the exploit..

    for the workaround i used, check the exploit out:
    http://sec.angrypacket.com/exploits/vpnKILLient.c

    On Sat, Mar 08, 2003 at 08:40:17PM -0000, Kryptik Logik wrote:
    >
    >
    > Folks:
    >
    > I've managed to find a buffer overflow and exploit it to exeve a /bin/sh
    > using my payload shellcode. However, whenever I run my exploit, I do get a
    > shell but just that it is an ordinary shell under my account (as id would
    > indicate).
    >
    > The binary that I've exploited is suid bit set so theoretically shouldn't
    > it create a root shell? I've tested my exploit on a small sample
    > vulnerable program that I wrote with the exact same permissions as the
    > binary in the system and I could get a root shell!
    >
    > What is the magic here (if any)?
    >
    > Thankx in advance,
    >
    > # klogik

    -- 
    + Cannot find nsabackdoor.dll. Please reinstall Windows.
    

  • Next message: descript: "Win32hlp exploit for : ":LINK overflow""