Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: PWCK Overflow POC Code Redhat/Suse older versions or something (maybe later too)
From: Day Jay <d4yj4y () yahoo com>
Date: Tue, 10 May 2005 14:21:49 -0700 (PDT)

I'm sorry for being such a bastard. After looking more
into this guy's site, it looks pretty sweet.

d.
--- Day Jay <d4yj4y () yahoo com> wrote:
Jesus H. Christ!

I never "claimed" to be a master at c coding or
being
the greatest like this guy did and he *still*
hardcoded his shit and he's probably still mad.

My code was short and sweet and worked, and it just
demonstrated the bug. I never claimed to be a master
c-coder. In fact, I never claim/ed to know how to
code
at all and people keep insisting I'm so good. :p

Everyone so far has gone off topic about the
original
message which was the POC code about the PWCK
program
that was flawed and then everyone decided to go dick
waving for NO REASON. Maybe it's because you guys
aren't getting laid or your anal adventures have had
some downtime, who knows. So, my code works, and if
people want to claim to be so good, go ahead-show us
something though and stop talking and thinking you
are
so good.


d.
"Whitehats have the tendency to be scared/unable to
apply black arts and instead clasp their theories
and
what ifs still never knowing what it was like to
hack"


--- Valdis.Kletnieks () vt edu wrote:

On Mon, 09 May 2005 10:09:59 PDT, Day Jay said:
We all saw how short the code was I had for that
pwck
buffer overflow exploit. He also hardcodes the
stack
pointer, hahah.

Note that there's absolutely nothing wrong with
hardcoding the
stack pointer when the ABI makes it impossible for
it to have
any other value.  And if you actually knew C well
enough to read
the code, you'd see:



/*------------------------------------------------------------------------
 * "Addr" is the predicted address where the
shellcode starts in the
 * environment buffer. This was determined
empirically based on a test
 * program that ran similarly, and it ought to be
fairly consistent.
 * This can be changed with the "-a" parameter.
 */
static long addr = 0x7ffffc04;

So there's a default value, and a documented -a
switch to change it if needed.

Compare and contrast this with:

  offset = 1700; //the offset I first found worked

Who's doing the hardcoding here? Steve or the guy
who's code you ripped off?




      
              
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we. 
http://promotions.yahoo.com/new_mail
_______________________________________________
Full-Disclosure - We believe in it.
Charter:

http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
http://secunia.com/



                
Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault