Re: [Vuln-dev Challenge] Challenge #2
From: spacewalker (spacewalker_at_0xbadc0de.be)
Date: 05/24/03
- Previous message: anon: "Re: [Vuln-dev Challenge] Challenge #2"
- In reply to: Dave McKinney: "[Vuln-dev Challenge] Challenge #2"
- Next in thread: Jose Ronnick: "Re: [Vuln-dev Challenge] Challenge #2"
- Reply: Jose Ronnick: "Re: [Vuln-dev Challenge] Challenge #2"
Date: Sat, 24 May 2003 13:11:13 +0200
To: vuln-dev@securityfocus.com
0wn3d. Ret into libc exploitation, no setuid() stuff, quite simple in
fact.
The challenge would have been interesting if the fopen() wasn't "a" but
create and write from beginning.
$ ./exploit
Using system address 0x4005f531
And overwriting printf got at 0x0804971c starting by 0x08049713
sh-2.05b$ exit
exit
Segmentation fault
default offset is 5 (could vary).
spacewalker
/* Say NO to target[n] exploits ! */
- application/octet-stream attachment: exploit.c