I'm sorry for being such a bastard. After looking more into this guy's site, it looks pretty sweet.
d.

--- Day Jay <[EMAIL PROTECTED]> wrote:

> Jesus H. Christ!
>
> I never "claimed" to be a master at c coding or being
> the greatest like this guy did and he *still*
> hardcoded his shit and he's probably still mad.
>
> My code was short and sweet and worked, and it just
> demonstrated the bug. I never claimed to be a master
> c-coder. In fact, I never claim/ed to know how to code
> at all and people keep insisting I'm so good. :p
>
> Everyone so far has gone off topic about the original
> message which was the POC code about the PWCK program
> that was flawed and then everyone decided to go dick
> waving for NO REASON. Maybe it's because you guys
> aren't getting laid or your anal adventures have had
> some downtime, who knows. So, my code works, and if
> people want to claim to be so good, go ahead-show us
> something though and stop talking and thinking you are
> so good.
>
> d.
> "Whitehats have the tendency to be scared/unable to
> apply black arts and instead clasp their theories and
> what ifs still never knowing what it was like to
> hack"
>
> --- [EMAIL PROTECTED] wrote:
>
> > On Mon, 09 May 2005 10:09:59 PDT, Day Jay said:
> > > We all saw how short the code was I had for that pwck
> > > buffer overflow exploit. He also hardcodes the stack
> > > pointer, hahah.
> >
> > Note that there's absolutely nothing wrong with hardcoding the
> > stack pointer when the ABI makes it impossible for it to have
> > any other value. And if you actually knew C well enough to read
> > the code, you'd see:
> >
> > /*------------------------------------------------------------------------
> >  * "Addr" is the predicted address where the shellcode starts in the
> >  * environment buffer. This was determined empirically based on a test
> >  * program that ran similarly, and it ought to be fairly consistent.
> >  * This can be changed with the "-a" parameter.
> >  */
> > static long addr = 0x7ffffc04;
> >
> > So there's a default value, and a documented -a switch to change it if needed.
> >
> > Compare and contrast this with:
> >
> > offset = 1700; //the offset I first found worked
> >
> > Who's doing the hardcoding here? Steve or the guy whose code you ripped off?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
