Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

dailydave logo Dailydave mailing list archives

Re: DSU
From: TINNES Julien RD-MAPS-ISS <julien.tinnes () francetelecom com>
Date: Wed, 12 Jul 2006 16:03:39 +0200
H D Moore wrote:

Is Immunity using the cron.d technique for getting execution? I really 
like how the RS-Labs folks did it:

http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c



This is the way I wrote it too:

http://cr0.org/bordel/prctlpute.c (now that there is a public exploit
anyway, no harm done..)

It's lucky from an attacker point of view that crontab handles parse
errors so nicely..

I wonder if someone came up with another idea. There are other "execute
everything here" directories in most distributions but most of them are
handled by bash which won't execute strings in a core.

-- 
Julien TINNES - & france telecom - R&D Division/MAPS/NSS
Research Engineer - Internet/Intranet Security
GPG: C050 EF1A 2919 FD87 57C4 DEDD E778 A9F0 14B9 C7D6
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
  • Re: DSU, (continued)
    • Re: DSU H D Moore (Jul 12)
      • Re: DSU TINNES Julien RD-MAPS-ISS (Jul 12)
    • Re: DSU Rodrigo Rubira Branco (BSDaemon) (Jul 12)
    • Re: DSU Steven M. Christey (Jul 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]