Looking online, I found shellcode that breaks chroot by doing a mkdir("sh") chroot("sh") chroot("../../../../../../"); then running /bin/sh. Other chroot breaking shellcode online does variations of the same thing. I haven't tested this out so I can't say for sure if this works, anyone else know?

Shellcode available at:
http://www.groar.org/expl/linux-x86/chroot.c
http://www.groar.org/expl/linux-x86/chroot1.c

> I've heard of shellcode that supposedly jumps out of the chroot jail, but
> it's probably been fixed now (whatever bug in chroot the shellcode
> exploited). The buffer overflow would work (it'd overflow the buffer yes)
> but as to whether you'd get a shell, probably not... Unless someone
> dropped a bash shell in there :)

--
------SupplyEdge-------
Greg Hunt
800-733-3380 x 107
gregat_private
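The mkdir/chroot/chroot sequence in the message above needs a second chroot(2) call from inside the jail, and Linux only permits that call with root privilege (CAP_SYS_CHROOT). The following is an added example, not part of the original post or the linked shellcode: it enters a jail, drops root for good, and audits a `/proc/<pid>/status` text for the capability. The names `enter_jail` and `status_has_sys_chroot` are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CAP_SYS_CHROOT_BIT 18  /* capability number from <linux/capability.h> */

/* Hypothetical helper: parse the CapEff line of a /proc/<pid>/status text.
 * Returns 1 if CAP_SYS_CHROOT is effective, 0 if not, -1 if no CapEff line. */
int status_has_sys_chroot(const char *status)
{
    const char *p = status;
    while ((p = strstr(p, "CapEff:")) && p != status && p[-1] != '\n')
        p++;                               /* skip matches not at line start */
    if (!p)
        return -1;
    unsigned long long caps = strtoull(p + 7, NULL, 16);
    return (int)((caps >> CAP_SYS_CHROOT_BIT) & 1ULL);
}

/* Hypothetical helper: enter jail_dir and give up root permanently. */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }
    if (chdir(jail_dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;                         /* cwd must end up inside the new root */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;                         /* groups first, uid last */
    /* Verify the drop: regaining root or calling chroot() again must both fail. */
    if (setuid(0) == 0 || chroot(".") == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <jail_dir> <uid> <gid>\n", argv[0]);
        return 2;
    }
    if (enter_jail(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3])) != 0) {
        perror("enter_jail");
        return 1;
    }
    puts("jailed and unprivileged");
    return 0;
}
```

A service that must stay root inside the jail can be audited with `status_has_sys_chroot` against its own `/proc/<pid>/status`; a result of 1 means a further chroot() call from that process is still permitted.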
This archive was generated by hypermail 2b30 : Thu May 23 2002 - 21:24:03 PDT