Hacking Blade60 — Pt. XI
Some output that might be helpful. In hindsight, a really helpful ability would be more dynamic code, such that fsf has a variable identifying where in the buffer it is. Something more variable…
I studied the stack frames more… You can return from a buffer overflow into a code segment with a ret restore. You can set %fp to a fake stack frame with “fake” %i and %l registers. This “fake” %i7 points to …
Find out if char* strings need to be word-aligned. NO, they do not ;) GREAT, ’cause that helps A LOT. This is a breakpoint at the 2nd ShowParams function call in Groups(), illustrating the stack frame: I started marking several values …
This might be useful as some sort of binary signature in System(). /var/adm/messages is where the stack-execution notice comes up. I don’t know if the SIGPIPE error could possibly produce a message in /var/adm/messages, or some other log?? Let’s see… …
Remote Info. Disclosure for LibC
Today, I am seeking information disclosure through a global variable buffer overflow, which conveniently overflows into a long chain of data structures made purely of char*. I use this technique I am developing to obtain disclosure …
./pty_apply_final is my latest pty program :) It uses CTRL-S to fluctuate around the stack space, starting from the middle and then alternating up and down the size of the NOP sled, -16 for being safe. Works on Blade72 with the following …
Crucial address: right after the gets() in Acct: 0x11518. The exploit wasn’t working. The segfault was caused by another thing. Reg mess. Luckily, the only reg we need to restore to normal is %o3; must put a good value into …
So I had previously shown the filling of the buffer with 0x41, but that doesn’t help us locate any offset into the buffer. This will: [[[hidden PTY code]]] That code is stripped from an old version of a userspace keylogger I …
First was to obtain the source code from blade72, /sources/apply-1.2. This wasn’t advertised; I happened to be digging around the filesystem one day and accidentally stumbled upon it :) Fortunately it’s pre-compiled… I move the sources to my own box… …