Dailydave mailing list archives
Re: 0x43434343
From: optyx <optyx () uberhax0r net>
Date: Mon, 24 Nov 2003 01:16:00 -0500 (EST)
It must take a great deal of insecurity to jump to conclusions about the
knowledge of others and rant publicly about it.
This is obviously not an exploit for the same bug, as that code was the
second version of the netmgt overflow I wrote, bug released by cheesewhiz.
Brute forcing is/was supposed to be some kind of advanced technique?
This is more common sense than anything.
Say the payload address will never be less than 0x1000 and never greater
than 0x5000, you send 1k of nops + shellcode.
for(addr = 0x1000 + (0x400 / 2); addr < 0x5000; addr += 0x400)
    try_attack_with_return(addr);
advanced, eh?
-Optyx
On Thu, 20 Nov 2003 twd () el8 net wrote:
oh wait, my bad. i thought you were talking about AUTH_UNIX. ya i saw ur netmgt one on hack.co.za, and the header says 2000. wasn't that just an x86 port. my bad

On Thu, 20 Nov 2003 twd () el8 net wrote:
the first one you wrote or the first one noir wrote that you added ansi-art to? :>

On Thu, 20 Nov 2003, optyx wrote:
it around the time that Solaris 2.7 was first released. It was one of the first rpc programs I wrote :)
Purchasing of exploits and releasing guarantees that only bottom feeders will approach. $5k would hardly compensate for the fun that this bug gave me over the years.
Hoarding exploits is bad? damn, I guess I'm out of the loop then. Guess someone should tell obsd about their dhcp/netboot problems. oh well.
-Optyx
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
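Added example, not part of the original message or of any code by its author: a pure arithmetic model of the stride loop quoted above, checking which sled placements the guesses reach and how many guesses the range costs. The function names are hypothetical, and it assumes the 1k sled lies wholly inside the 0x1000 to 0x5000 window given in the message.

```c
#include <stdio.h>

/* Constructed constants, taken from the figures in the message above. */
#define LO   0x1000UL   /* lowest possible payload address  */
#define HI   0x5000UL   /* highest possible payload address */
#define SLED 0x400UL    /* 1k of NOPs in front of the payload */

/* Number of guesses the loop makes with the given stride. */
unsigned long guess_count(unsigned long stride)
{
    unsigned long n = 0, addr;
    for (addr = LO + SLED / 2; addr < HI; addr += stride)
        n++;
    return n;
}

/* 1 if some guess lands inside the sled [base, base + SLED), else 0. */
int sled_hit(unsigned long base, unsigned long stride)
{
    unsigned long addr;
    for (addr = LO + SLED / 2; addr < HI; addr += stride)
        if (addr >= base && addr < base + SLED)
            return 1;
    return 0;
}

/* Count sled placements that no guess reaches.
 * Assumption: the sled lies wholly inside [LO, HI). */
unsigned long uncovered_bases(unsigned long stride)
{
    unsigned long base, missed = 0;
    for (base = LO; base + SLED <= HI; base++)
        if (!sled_hit(base, stride))
            missed++;
    return missed;
}

int main(void)
{
    printf("stride = sled:   %lu guesses, %lu placements missed\n",
           guess_count(SLED), uncovered_bases(SLED));
    printf("stride = 2*sled: %lu guesses, %lu placements missed\n",
           guess_count(2 * SLED), uncovered_bases(2 * SLED));
    return 0;
}
```

With these figures the worst case is 15 wrong guesses before one lands in the sled; a wider address window or a smaller sled raises that count in proportion.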
