Re: question on escalating privileges via suid vulnerabilities

From: Andrea Purificato - bunker (bunker@fastwebnet.it)
Date: Mon Feb 26 2007 - 14:51:15 EST

Next message: Ricardo Mourato: "Pen Testing Company and Legal Documentation"
Previous message: Walsh, Leo: "RE: DNS mapping"
In reply to: John McGuire: "question on escalating privileges via suid vulnerabilities"
Next in thread: Fábio Russo: "Re: question on escalating privileges via suid vulnerabilities"
Reply: Fábio Russo: "Re: question on escalating privileges via suid vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Saturday 24 February 2007 19:52, John McGuire wrote:
> #include <stdio.h>
> int main() {
> char *arr[2];
> arr[0] = "/bin/sh";
> arr[1] = NULL;
> execve (arr[0], arr, NULL);
> }

Try with "setuid(0);" before execve :-)

-- 
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.
http://rawlab.mindcreations.com 
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Next message: Ricardo Mourato: "Pen Testing Company and Legal Documentation"
Previous message: Walsh, Leo: "RE: DNS mapping"
In reply to: John McGuire: "question on escalating privileges via suid vulnerabilities"
Next in thread: Fábio Russo: "Re: question on escalating privileges via suid vulnerabilities"
Reply: Fábio Russo: "Re: question on escalating privileges via suid vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:36 EDT