For this xmas i'm releasing some of the exploits i've developed in the
last months. Nothing so fancy, but i believe i've deployed some
new/interesting techniques, specially on the Solaris/SPARC platform.
Here's the index:
raptor_chown.c local on Linux 2.6.x < 2.6.7-rc3 (CAN-2004-0497)
raptor_udf.c MySQL privilege escalation procedure (code by NGS)
raptor_rlogin.c remote on Solaris 2.5.1, 2.6, 7, 8 (CVE-2001-0797)
raptor_ldpreload.c local on Solaris 2.6, 7, 8, 9 (CAN-2003-0609)
raptor_libdthelp.c local on Solaris 7, 8, 9 (CAN-2003-0834)
raptor_libdthelp2.c same as above, ret-into-ld.so version
raptor_passwd.c local on Solaris 8, 9 (CAN-2004-0360)
All the exploits are in the attached tarball. They are also freely
downloadable from my homepage, at:
http://www.0xdeadbeef.info/
Merry xmas and happy hacking ;)
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
For this xmas i'm releasing some of the exploits i've developed in the
last months. Nothing so fancy, but i believe i've deployed some
new/interesting techniques, specially on the Solaris/SPARC platform.
Here's the index:
raptor_chown.c local on Linux 2.6.x < 2.6.7-rc3 (CAN-2004-0497)
raptor_udf.c MySQL privilege escalation procedure (code by NGS)
raptor_rlogin.c remote on Solaris 2.5.1, 2.6, 7, 8 (CVE-2001-0797)
raptor_ldpreload.c local on Solaris 2.6, 7, 8, 9 (CAN-2003-0609)
raptor_libdthelp.c local on Solaris 7, 8, 9 (CAN-2003-0834)
raptor_libdthelp2.c same as above, ret-into-ld.so version
raptor_passwd.c local on Solaris 8, 9 (CAN-2004-0360)
All the exploits are in the attached tarball. They are also freely
downloadable from my homepage, at:
http://www.0xdeadbeef.info/
Merry xmas and happy hacking ;)
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
[ reply ]