Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] 0day LINUX 0day LATEST

from [Andrew Dawson] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] 0day LINUX 0day LATEST
Date: Mon, 28 Jan 2008 15:53:32 +0000 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 28 Jan 2008, at 10:55, Andrew Farmer wrote:


On 28 Jan 08, at 02:13, wejwklekl246 wrote:

/* !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE
*
* afunixroot.c Linux kernel 2.6.x i386 local root exploit


<blah blah blah>

Compiles a shared library in /tmp/own.so containing the functions

      int getuid() { return 0; }
      int geteuid() { return 0; }
      int getgid() { return 0; }
      int getegid() { return 0; }

and executes /bin/sh with LD_PRELOAD=/tmp/own.so

Pretty lame. Protip: "hellc0de" containing lots of \x61-\x7f looks  
fake.


This whole exploit program is seemingly a massive obsfucation exercise.

Apart from the above, the prepare() function has "hidden" socket()  
and sendto() calls to send a 64 byte parameter block to 213.73.91.29  
port 864 (repeated 9 times).

The rest is repeated fork/wait/nice stuff that will probably have a  
DoS effect on the system it's run on, but no privilege elevation...

Regards,

Andrew.

- --
************************************************************
Andrew Dawson
Operating Systems Group Manager
Information Systems
Education & Information Support Division
University College London
Gower Street
London WC1E 6BT
************************************************************

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFHnfqLPlVbrK39S+4RAtl1AJ0bZ/cu1NdLqXqTdGuIkkMRjbR/+wCfWj+J
ZzSCqSWic8q2fd/zvw99WSg=
=jTB6
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] asking about certificate, wilder_jeff Wilder
Next by Date:  Re: [Full-disclosure] Metasploit Framework v3.1 Released, worried security
Previous by Thread:  Re: [Full-disclosure] 0day LINUX 0day LATEST, Andrew Farmer
Next by Thread:  Re: [Full-disclosure] 0day LINUX 0day LATEST, Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]