Re: question on escalating privileges via suid vulnerabilities

To:	pen-test@securityfocus.com
Subject:	Re: question on escalating privileges via suid vulnerabilities
From:	Andrea Purificato - bunker <bunker@fastwebnet.it>
Date:	Mon, 26 Feb 2007 20:51:15 +0100
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
In-reply-to:	<7c488dd80702241052y225c158fn9b2c8372f10a6f3b@mail.gmail.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
References:	<7c488dd80702241052y225c158fn9b2c8372f10a6f3b@mail.gmail.com>
Resent-date:	Mon, 26 Feb 2007 13:30:40 -0700 (MST)
Resent-from:	pen-test-return-1078483641@securityfocus.com
Resent-message-id:	<20070226203040.2A2B323B056@outgoing3.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com
User-agent:	KMail/1.9.4

On Saturday 24 February 2007 19:52, John McGuire wrote:
> #include <stdio.h>
> int main() {
>        char *arr[2];
>        arr[0] = "/bin/sh";
>        arr[1] = NULL;
>        execve (arr[0], arr, NULL);
> }

Try with "setuid(0);" before execve :-)
-- 
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.

http://rawlab.mindcreations.com 

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
question on escalating privileges via suid vulnerabilities, John McGuire Message not available Re: question on escalating privileges via suid vulnerabilities, John McGuire Re: question on escalating privileges via suid vulnerabilities, Christoph Bussenius Re: question on escalating privileges via suid vulnerabilities, Marco Ivaldi Re: question on escalating privileges via suid vulnerabilities, Andrea Purificato - bunker <= Re: question on escalating privileges via suid vulnerabilities, Fábio Russo

Previous by Date:	RE: DNS mapping, Walsh, Leo
Next by Date:	Pen Testing Company and Legal Documentation, Ricardo Mourato
Previous by Thread:	Re: question on escalating privileges via suid vulnerabilities, Marco Ivaldi
Next by Thread:	Re: question on escalating privileges via suid vulnerabilities, Fábio Russo
Indexes:	[Date] [Thread] [Top] [All Lists]