Blog Archives

Auditing the C ‘for’ loop

I am reading on Source Code Auditing in the Shellcoder’s Handbook ed. 1 — Off-by-One vulnerabilities. In SPARC’s big-endian systems, they are not a real threat according to the handbook. They are still part of my research and apply to little

Posted in buffer overflow, C

OS X After patching shellshock, Xquartz fails + sh: line 6: `BASH_FUNC_rvm_debug%%’: not a valid identifier

After patching my /bin/bash with scripts, I noticed some odd things. When I did an ssh -X, I would see this: Then X would start up after performing an X app, and I would get this in XQuartz: Then, quartz

Posted in Bash, OSX

Making Sense of Sun Blades and the UltraSPARC-IIe

Okies, so if you haven’t heard, I am hacking the Sun Blade 150, it’s a machine at school they still run that’s 10 years old. Pathetic. But it’s a good challenge for me to conquer and learn about operating systems

Posted in Sparc/Solaris

Kernel Arch. Solaris 7 vs. Solaris 8

I am reading the book Solaris Internals 1st edition, where the majority covers Solaris 7. I maintain this blog post as a place to show the differences I have found along the way. Solaris 7 data structure for an address

Posted in Sparc/Solaris

Grep Love + Less Love

Some grep things that I found handy: Seriously. So yummy. Some handy things that I’m using right now. -A, -B, -C print an arbitrary number of lines After, Before, or Before/After the matched string line. Super cool. --no-filename, -h Handy

Posted in Sparc/Solaris

Protected: Learning Solaris Internals : Memory Paging

There is no excerpt because this is a protected post.

Posted in Sparc/Solaris

Protected: Finding all suid programs on Sparc machine leads to Pwnage

There is no excerpt because this is a protected post.

Posted in buffer overflow, C, Sparc/Solaris

Protected: Sparc Solaris Hacking Notes

There is no excerpt because this is a protected post.

Posted in Uncategorized

[POC] [Shellshock] Bash SSHD PreAuth Remote Exploit

The hype around the ShellShock bash exploit is circulating everywhere. Some have proven methods of: BAD DHCP server; Remote code execution in CGI scripts. However, most research suggests that the SSH daemon is only susceptible to the shell shock exploit

Posted in Bash

Alternating Payload, Automated offset calculation/ID during Buffer Overflow Analysis

I designed this during my activity analyzing exploiting a sensitive buffer overflow on the SPARC architecture. It suits my needs, and I like publicizing to my blog posts. It makes backup of my data and knowledge base. So I like

Posted in buffer overflow