Bazz's Code Developments

Category: Asm

NX-stack bypass w(1) Local Root Exploit Realization <3 - Pt. 19

By michaelbazzinott001 Posted on November 7, 2014 Posted in Asm, buffer overflow, C, NameFS, Sparc/Solaris

Woo-Hoo. I’m finally ready to release source code :D

Heap-Based Execution from UTMPX entries – Pt. 17

By michaelbazzinott001 Posted on November 6, 2014 Posted in Asm, GDB, Sparc/Solaris

There’s only enough room in the name[32] field for 28-4 = 24 bytes of ‘authentic’ asm instructions, followed by the 8 necessary for the call / branch instruction. What’s the difference between a call and a branch instruction? Is it …

Memory Disclosure Pt. VIII

By michaelbazzinott001 Posted on October 17, 2014 Posted in Asm, buffer overflow, C, Sparc/Solaris, Uncategorized

This might be useful as some sort of binary signature in System(). /var/adm/messages is where the stack-execution notice comes up. I don’t know if the SIGPIPE error could possibly produce a message in /var/adm/messages, or some other log? Let’s see… …

Smashing the Stack+Data sections PT. VII

By michaelbazzinott001 Posted on October 17, 2014 Posted in Asm, buffer overflow, C, Sparc/Solaris, Uncategorized

Remote Info. Disclosure for LibC: Today, I am seeking information disclosure through a global variable buffer overflow, which conveniently overflows into a long chain of data structures purely char*. I use this technique I am developing to obtain disclosure …

Hacking Apply — Pt. VI

By michaelbazzinott001 Posted on October 16, 2014 Posted in Asm, buffer overflow, C, Sparc/Solaris, Uncategorized

./pty_apply_final is my latest pty program :) It uses CTRL-S to fluctuate around the stack space, starting from the middle and then alternating up and down the size of the NOPsled -16 for being safe. Works on Blade72 with the following …

Hacking Apply – Pt. V

By michaelbazzinott001 Posted on October 15, 2014 Posted in Asm, Bash, buffer overflow, C, Sparc/Solaris, Uncategorized

Crucial address: right after the gets() in Acct: 0x11518. The exploit wasn’t working. The segfault was caused by another thing. Reg mess. Luckily, the only reg we need to restore to normal is %o3. Must put a good value into …

Pearl — Hacking Apply — pt. IV

By michaelbazzinott001 Posted on October 15, 2014 Posted in Asm, buffer overflow, C, Sparc/Solaris, Uncategorized

So I had previously shown the filling of the buffer with 0x41, but that doesn’t help us locate any offset into the buffer. This will: [[[hidden PTY code]]] That code is stripped from an old version of a userspace keylogger I …

x86_64 Get Stack Pointer (RSP)

By michaelbazzinott001 Posted on September 24, 2014 Posted in Asm, CentOS, x86_64

IDK why, but getting a simple source code for this was actually quite difficult. I mean I figured Google would immediately spit out some simple snippet, but NO. There are Stack Overflow posts with difficult solutions and I was thinking …

Copyright © 2025 Bazz's Code Developments