Re: buffer overflow to spawn shell

From: Gareth Bromley (gbromley_at_intstar.com)
Date: 02/02/05

  • Next message: Gareth Bromley: "Re: Newbie: how do I limit a user to just a home directory?"
    Date: Wed, 02 Feb 2005 21:20:34 GMT
    
    

coollink wrote:
> Payton, what he's telling you is you need to rename the program
> name (which is the string stored in argv[0]) to be a buffer with your
> nop sled and shellcode in it. The way I'd exploit it would be to rename it
> with this command:
> mv "execname" `perl -e 'print "\x90"xhoweverlongnopsledis;'``cat shellcode`
> Of course this command implies you have a plain file in the directory
> called shellcode with your shellcode in it.
> If you can't create a file in the directory, change the command to be
> mv "execname" `perl -e 'print "\x90"xhoweverbignopsledis;'`blahblahblah<------shellcode here instead of blahs.

And the other thing to watch out for is to ensure that the shellcode you
use consists of printable ASCII instructions.

A good set of texts on this is contained within 'Hacking: The Art of
Exploitation' by Jon Erickson.
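Seen from the defending side, the technique in this thread works only because argv[0] is chosen by whoever names (or renames) the executable, so a program that copies it into a fixed-size buffer can be overflowed. The following is an added illustration, not code from the thread or its posters: the unsafe copy is assumed for contrast, and the bounded copy plus a non-printable-byte check are one way a program can refuse such a name (the check catches a 0x90 sled but, as the reply above notes, not shellcode built from printable ASCII, so the bounded copy is the real fix).

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX_LEN 64

/* Assumed vulnerable pattern (constructed for contrast): argv[0] is
 * attacker-chosen, so an unbounded copy into a fixed buffer overflows. */
void copy_name_unsafe(char dst[NAME_MAX_LEN], const char *argv0) {
    strcpy(dst, argv0); /* no bound: a long argv[0] writes past dst */
}

/* Hardened form: bounded copy that reports truncation so the caller can
 * refuse an oversized name instead of silently running with it.
 * Returns 1 if argv0 fit, 0 if it was truncated. */
int copy_name_bounded(char dst[NAME_MAX_LEN], const char *argv0) {
    size_t n = strlen(argv0);
    if (n >= NAME_MAX_LEN) {
        memcpy(dst, argv0, NAME_MAX_LEN - 1);
        dst[NAME_MAX_LEN - 1] = '\0';
        return 0;
    }
    memcpy(dst, argv0, n + 1);
    return 1;
}

/* Defensive heuristic: counts bytes outside printable ASCII (0x20..0x7e).
 * A legitimate install never produces a program name full of 0x90 bytes. */
size_t count_nonprintable(const char *s) {
    size_t bad = 0;
    for (; *s; s++)
        if ((unsigned char)*s < 0x20 || (unsigned char)*s > 0x7e)
            bad++;
    return bad;
}

int main(int argc, char **argv) {
    char name[NAME_MAX_LEN];
    (void)argc;
    /* Refuse to proceed on an oversized or non-printable program name. */
    if (!copy_name_bounded(name, argv[0]) || count_nonprintable(argv[0]) > 0) {
        fprintf(stderr, "refusing suspicious program name\n");
        return 1;
    }
    printf("running as %s\n", name);
    return 0;
}
```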

