On Tue, Jan 11, 2005 at 10:18:46AM +0100, A.J. Loonstra wrote:
> I tried modifying the exploit not to use /dev/shm... but this is what
> happens:
>
> ~$ ./a.out
>
> [+] SLAB cleanup
> child 1 VMAs 287
> [+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
> [+] vmalloc area 0xc5000000 - 0xc9d17000
> Wait... |
> [+] race won maps=6768
> expanded VMA (0xbfffc000-0xffffe000)
> [!] try to exploit 0xc594b000
> [+] gate modified ( 0xffec94bf 0x0804ec00 )
> [+] exploited, uid=0
>
> sh-2.05a$ whoami
> arnaud
> sh-2.05a$ mount
> /dev/hda1 on / type ext2 (rw,errors=remount-ro)
> proc on /proc type proc (rw)
> devpts on /dev/pts type devpts (rw,gid=5,mode=620)
> /dev/hda2 on /home type ext3 (rw)
> $sh-2.05a$ echo $UID
> 0
>
> It says it did exploit but it didn't...

UID of 0 looks like it has to me, but I could be wrong.

Cheers,
--
Brett Parker