Woo-Hoo. I’m finally ready to release source code :D
“The Shellcoder’s Handbook” comes supplied with a ready exploit against http://www.securitytracker.com/id/1008833. But it has some problems. The kernel module compiling script is broken (needs -c flag), else it will bitch about _init and _fini being defined twice. This script uses…
There is no excerpt because this is a protected post.
Now let’s start perfecting our exploit: The above is the typical stack range for a 32-bit SPARC app in a 64-bit kernel. That’s as specific as I care for. We can create a guesser program to, based on nop-sled size, slice…
So, back to exploiting the userland gets() function. Vulnerable Test Prog This invoke script helps me keep the stack offset the same whether I run the program in GDB or not. Note: it doesn’t work that well on my Sun…