Blog Archives

NX-stack bypass w(1) Local Root Exploit Realization <3 - Pt. 19

Woo-Hoo. I’m finally ready to release source code :D

Posted in Asm, buffer overflow, C, NameFS, Sparc/Solaris

Heap-Based Execution from UTMPX entries – Pt. 17

There’s only enough room in the name[32] field for 28-4 = 24 bytes of ‘authentic’ asm instructions, followed by the 8 necessary for the call / branch instruction. What’s the difference between a call and a branch instruction? Is it

Posted in Asm, GDB, Sparc/Solaris

Memory Disclosure Pt. VIII

This might be useful as some sort of binary signature in System(). /var/adm/messages is where the stack-execution notice comes up. I don’t know if the SIGPIPE error could possibly produce a message in /var/adm/messages, or some other log? Let’s see….

Posted in Asm, buffer overflow, C, Sparc/Solaris, Uncategorized

Smashing the Stack+Data sections PT. VII

Remote Info. Disclosure for LibC. Today, I am seeking information disclosure through a global variable buffer overflow, which conveniently overflows into a long chain of data structures that are purely char*. I use this technique I am developing to obtain disclosure

Posted in Asm, buffer overflow, C, Sparc/Solaris, Uncategorized

Hacking Apply — Pt. VI

./pty_apply_final is my latest pty program :) It uses CTRL-S to fluctuate around the stack space, starting from the middle and then alternating up and down the size of the NOPsled -16 for being safe. Works on Blade72 with the following

Posted in Asm, buffer overflow, C, Sparc/Solaris, Uncategorized

Hacking Apply – Pt. V

Crucial address: right after the gets() in Acct: 0x11518. The exploit wasn’t working. The segfault was caused by another thing. Reg mess. Luckily, the only reg we need to restore to normal is %o3; must put a good value into

Posted in Asm, Bash, buffer overflow, C, Sparc/Solaris, Uncategorized

Pearl — Hacking Apply — pt. IV

So I had previously shown the filling of the buffer with 0x41, but that doesn’t help us locate any offset into the buffer. This will: [[[hidden PTY code]]] That code is stripped from an old version of a userspace keylogger I

Posted in Asm, buffer overflow, C, Sparc/Solaris, Uncategorized

x86_64 Get Stack Pointer (RSP)

IDK why, but getting simple source code for this was actually quite difficult. I mean, I figured Google would immediately spit out some simple snippet, but NO. There are Stack Overflow posts with difficult solutions, and I was thinking

Posted in Asm, CentOS, x86_64