I keep trying all these exploits posted on the list on my webserver with no
success. They all say "bug exploited successfully" but don't give root. Am I
doing something wrong?

Brian Parris
[EMAIL PROTECTED]

----- Original Message -----
From: "Tim Yardley" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 31, 2001 9:12 PM
Subject: .. ptrace improvement


> As always, there are always ways to improve things.  This version of the
> exploit posted here previously overwrites the dl _start routine and doesn't
> modify eip.  This will help on stack non-exec systems and doesn't require
> you to calculate the bss offset.  I didn't test it, but this should still
> work on a stackguard compiled program as well.
>
> your mileage may vary, and this will still suffer from the disk cache issue
> (speed becoming a paramount concern).  the recent post by "Ihq" where his
> exploit created a big file, is one way to fill out the cache so that the
> suid binary is not in the cache.  manual methods are just as easy.
>
> rsh, gpasswd, passwd, etc etc are all common choices for hitting. anything
> will work.
>
> more details lay within the code. enjoy.
>
> /tmy


--------------------------------------------------------------------------------


>
> -- Diving into infinity my consciousness expands in inverse
>     proportion to my distance from singularity
>
> +-------- ------- ------ ----- ---- --- -- --- ------ ------- -------- - --------------+
> | Tim Yardley ([EMAIL PROTECTED])
> | http://www.students.uiuc.edu/~yardley/
> +-------- ------- ------ ----- ---- --- -- --- ------ ------- -------- - --------------+
>
