Re: Solaris sparc newbie exploit coding misc questions

Hey ework0,

> I gather together some misc questions about designing buffer overflows
> PoC's for the solaris sparc architecture:

I apologize for not being able to thoroughly answer your questions, but
i'm in a hurry at the moment. Just wanted to point out some of my code
that i bet you'll find useful:

http://www.0xdeadbeef.info/code/solaris-sparc-exploits.tgz
http://www.0xdeadbeef.info/exploits/raptor_rlogin.c
http://www.0xdeadbeef.info/exploits/raptor_ldpreload.c
http://www.0xdeadbeef.info/exploits/raptor_libdthelp.c
http://www.0xdeadbeef.info/exploits/raptor_libdthelp2.c
http://www.0xdeadbeef.info/exploits/raptor_passwd.c

The first link (Solaris/SPARC vulnerable code study) shows the basics of
Solaris/SPARC exploitation: the tarball contains some commented exploit
templates, with links to useful documentation as well. Solaris 10 is not
entirely covered yet, but i'm planning to update my research as soon as
possible. I've never had the time to write a real paper about exploit
development, but i believe the source code speaks fairly well for itself.

The others are exploits for real-life vulnerabilities, maybe i'll publish
some more in the future...

Feel free to email me privately if you still have doubts after checking
out this information, specially if you don't mind about late replies;)

Cheers,

-- 
Marco Ivaldi
Antifork Research, Inc.   http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233  0394 EF85 2008 DBFD B707