|
Penetration Testing
mailing list archives
Re: question on escalating privileges via suid vulnerabilities
From: Andrea Purificato - bunker <bunker () fastwebnet it>
Date: Mon, 26 Feb 2007 20:51:15 +0100
On Saturday 24 February 2007 19:52, John McGuire wrote:
#include <stdio.h>
int main() {
char *arr[2];
arr[0] = "/bin/sh";
arr[1] = NULL;
execve (arr[0], arr, NULL);
}
Try with "setuid(0);" before execve :-)
--
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.
http://rawlab.mindcreations.com
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
| 
Intro
