-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Brendan Dolan-Gavitt wrote:
> Hi, I'm looking for examples of (remote) security vulnerabilities
> whose exploitation involves no guesswork--eg, no bruteforcing the
> return address, or altering your exploit based on the server's
> response, etc.

I guess you're thinking about _remote_ exploitation? You don't have to guess anything for a local bo, for instance... Anyway:

> It seems like this kind of exploit is dying out, particularly as
> different flavors of Linux proliferate, each with their own
> slightly

Target the kernel? Use linux-gate.so? Portability of your exploit will greatly depend on how you choose to exploit the vulnerability, since it's quite common to have to choose between several exploitation scenarios...

> different libc and userland; in the Windows world, however, we
> still find "universal" exploits that work on NT4/2k/XP over a
> variety of service packs.

The language also affects some pointers. Anyway, if you need, let's say, a jmp esp, you can try to choose one location in memory that contains this opcode for several SPs/languages. But I don't think you can prove any exploit will be universal... (can you? ;)

> Anyways, if anyone has come across things like this, I'd greatly
> appreciate hearing about it. I'm working on some new methods to
> deliver exploits at once while minimizing recon.
>
> Thanks,
> Brendan Dolan-Gavitt

Cheers,

endrazine-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFOPC7zX6JtL3KgRURAqAyAKDaza2Khkjv9qVd9NZAtu/xjHjxFgCg2z8D
V4wY66PaL6iTgk7QrQg31jc=
=pkfO
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
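An added example (not endrazine's or Brendan's code, and not posted in the thread) of the "one location in memory that contains this opcode for several SPs" idea: take several builds of the same module mapped at the same preferred base, scan them for the x86 `jmp esp`, `call esp` and `push esp; ret` byte sequences, keep only the addresses at which every build carries the same bytes, and then drop any address containing a byte the overflow cannot deliver (NUL, CR, LF). The three "service pack" builds, their base 0x7C80FF00 and their code bytes are constructed sample data, not the contents of any real DLL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One build of a module: preferred load address plus its code bytes.
 * The bytes used below are constructed sample data, not a real DLL. */
typedef struct {
    uint32_t base;
    const uint8_t *bytes;
    size_t len;
} image_t;

/* Two-byte x86 sequences that transfer control to the stack pointer. */
enum { GADGET_JMP_ESP = 0, GADGET_CALL_ESP, GADGET_PUSH_ESP_RET, GADGET_COUNT };

static const struct { const char *mnem; uint8_t op[2]; } gadgets[GADGET_COUNT] = {
    { "jmp esp",       { 0xff, 0xe4 } },
    { "call esp",      { 0xff, 0xd4 } },
    { "push esp; ret", { 0x54, 0xc3 } },
};

/* 1 if this build has gadget g at virtual address addr. */
static int has_gadget_at(const image_t *img, uint32_t addr, int g)
{
    if (addr < img->base || addr - img->base + 2 > img->len)
        return 0;
    return memcmp(img->bytes + (addr - img->base), gadgets[g].op, 2) == 0;
}

/* 1 if any byte of the (little-endian) address is in the bad-byte set,
 * e.g. NUL for strcpy-style overflows, CR/LF for line-based protocols. */
static int addr_has_bad_byte(uint32_t addr, const uint8_t *bad, size_t nbad)
{
    for (int shift = 0; shift < 32; shift += 8)
        for (size_t i = 0; i < nbad; i++)
            if ((uint8_t)(addr >> shift) == bad[i])
                return 1;
    return 0;
}

/* Scan the first build for gadget g and keep only addresses at which every
 * build carries the same bytes and which contain no bad byte. Writes up to
 * max addresses into out and returns how many were kept. */
size_t find_universal_gadgets(const image_t *imgs, size_t nimgs, int g,
                              const uint8_t *bad, size_t nbad,
                              uint32_t *out, size_t max)
{
    size_t found = 0;
    if (nimgs == 0 || g < 0 || g >= GADGET_COUNT)
        return 0;
    for (size_t off = 0; off + 2 <= imgs[0].len; off++) {
        uint32_t addr = imgs[0].base + (uint32_t)off;
        int all = 1;
        for (size_t i = 0; i < nimgs && all; i++)
            all = has_gadget_at(&imgs[i], addr, g);
        if (all && !addr_has_bad_byte(addr, bad, nbad) && found < max)
            out[found++] = addr;
    }
    return found;
}

/* Constructed sample: three fake builds ("SP1".."SP3") of one module at the
 * same hypothetical base. Offsets 0 and 10 hold jmp esp in every build but
 * their addresses contain 0x00 / 0x0a; offset 2 holds jmp esp in every build
 * at a clean address; offsets 6 (jmp esp) and 8 (push esp; ret) differ. */
static const uint8_t sp1[] = { 0xff,0xe4,0xff,0xe4,0x31,0xc0,0xff,0xe4,0x54,0xc3,0xff,0xe4 };
static const uint8_t sp2[] = { 0xff,0xe4,0xff,0xe4,0x31,0xdb,0x90,0x90,0x54,0xc3,0xff,0xe4 };
static const uint8_t sp3[] = { 0xff,0xe4,0xff,0xe4,0x31,0xc9,0xff,0xe4,0x90,0x90,0xff,0xe4 };
static const image_t sample_builds[] = {
    { 0x7C80FF00u, sp1, sizeof sp1 },
    { 0x7C80FF00u, sp2, sizeof sp2 },
    { 0x7C80FF00u, sp3, sizeof sp3 },
};
static const uint8_t sample_bad[] = { 0x00, 0x0a, 0x0d };

/* Universal addresses for gadget g in the sample; filter_bad selects whether
 * the bad-byte set is applied. Returns the count. */
size_t sample_universal_count(int g, int filter_bad)
{
    uint32_t out[16];
    return find_universal_gadgets(sample_builds, 3, g, sample_bad,
                                  filter_bad ? sizeof sample_bad : 0, out, 16);
}

/* First universal address for gadget g in the sample, or 0 if there is none. */
uint32_t sample_first_universal(int g, int filter_bad)
{
    uint32_t out[16];
    size_t n = find_universal_gadgets(sample_builds, 3, g, sample_bad,
                                      filter_bad ? sizeof sample_bad : 0, out, 16);
    return n ? out[0] : 0;
}

int main(void)
{
    for (int g = 0; g < GADGET_COUNT; g++) {
        uint32_t out[16];
        size_t n = find_universal_gadgets(sample_builds, 3, g, sample_bad,
                                          sizeof sample_bad, out, 16);
        printf("%-14s universal across 3 builds: %zu address(es)\n", gadgets[g].mnem, n);
        for (size_t i = 0; i < n; i++)
            printf("  0x%08x\n", out[i]);
    }
    return 0;
}
```

The result is only as "universal" as the set of builds scanned, which is endrazine's point about not being able to prove universality: add a fourth build and the intersection can shrink to nothing. It also assumes the module is loaded at its preferred base on every target, with no relocation and no address randomisation; if the module gets rebased, the address moves and the exploit degrades to the guesswork Brendan wants to avoid.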
