On Mon, 09 May 2005 10:09:59 PDT, Day Jay said: > We all saw how short the code was I had for that pwck > buffer overflow exploit. He also hardcodes the stack > pointer, hahah. Note that there's absolutely nothing wrong with hardcoding the stack pointer when the ABI makes it impossible for it to have any other value. And if you actually knew C well enough to read the code, you'd see: /*------------------------------------------------------------------------ * "Addr" is the predicted address where the shellcode starts in the * environment buffer. This was determined empirically based on a test * program that ran similarly, and it ought to be fairly consistent. * This can be changed with the "-a" parameter. */ static long addr = 0x7ffffc04; So there's a default value, and a documented -a switch to change it if needed. Compare and contrast this with: offset = 1700; //the offset I first found worked Who's doing the hardcoding here? Steve or the guy who's code you ripped off?
Attachment:
pgp08in6pDQ45.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/