
exploit?

Posted: Tue Apr 18, 2006 5:42 am
by Hal9000

Posted: Tue Apr 18, 2006 7:06 am
by JLO

Posted: Wed Apr 19, 2006 12:01 pm
by fixinko
On my 2.4.32-grsec [grsec version 2.1.8], libc version 2.3.6, it's not working :-) It just keeps forking and forking... :-)

2.6.x?

Posted: Thu Apr 20, 2006 6:46 am
by fonya
Is this working with a 2.6.X kernel, or is my glibc version the "problem"? With or without the grsec patch, the results are the same:

./a.out
# Return into libc exploit by Adam Simuntis <adam (at) pinkhat (dot) org [email concealed]> |an example|
# Gathering info..
LIBC: 2.3.90-development
- got sysname: Linux 2.6.14.7-fpatch-8.14
- got system() addr: 0x51446d77
- got /bin/sh addr: 0x5152c3bc
~ system() - offset @: 0x51442d77
~ /bin/sh - offset @: 0x515283bc
# Warning: Libc version 2.3.90 was not tested. Program may not work correctly.
# Press enter to proceed attack or ctrl+c to cancel.
# Bypassing grsecurity protection
~ wait for shell
....
# Exploit failed. (resources)
# Exploit failed. (resources)
# Exploit failed. (resources)
# Exploit failed. (resources)
# Exploit failed. (resources)
# Exploit failed. (resources)
# Exploit failed. (resources)
.. and so on.

And with the grsec patch, dmesg said:
grsec: From X.X.X.X: failed fork with errno -11 by /../../a.out[a.out:101] uid/euid:2/2 gid/egid:2/2, parent /../../a.out[a.out:11848] uid/euid:2/2 gid/egid:2/2
grsec: From X.X.X.X: denied resource overstep by requesting 8191 for RLIMIT_NPROC against limit 8191 for /../../a.out[a.out:23916] uid/euid:2/2 gid/egid:2/2, parent /../../a.out[a.out:11848] uid/euid:2/2 gid/egid:2/2

Posted: Thu Apr 20, 2006 7:52 pm
by spender
Nothing new here, just a brute-force attack, which btw won't work against remote services if you have the bruteforce deterrence enabled in your config.

-Brad
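
Added example, not part of the thread or of grsecurity: a Python filter for the two grsec message types quoted in fonya's post, grouping fork failures and RLIMIT_NPROC denials by parent process so a brute-force fork loop like the one described stands out in the kernel log. The threshold value, the helper names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches the two grsec message shapes quoted in the thread. The trailing
# "parent <path>[<comm>:<pid>] uid/euid:<uid>/<euid>" names the forking parent.
GRSEC_RE = re.compile(
    r"grsec: (?:From (?P<src>\S+): )?"
    r"(?P<event>failed fork with errno -?\d+|denied resource overstep)"
    r".*?, parent (?P<ppath>\S+)\[(?P<pcomm>[^:\]]+):(?P<ppid>\d+)\]"
    r" uid/euid:(?P<uid>\d+)/(?P<euid>\d+)"
)

def fork_storm_parents(lines, threshold=3):
    """Count fork failures and RLIMIT_NPROC denials per parent process and
    return {(parent_pid, parent_comm, uid): count} for counts >= threshold.
    The threshold is an assumed tuning value, not a grsecurity setting."""
    hits = Counter()
    for line in lines:
        m = GRSEC_RE.search(line)
        if m:
            hits[(int(m["ppid"]), m["pcomm"], int(m["uid"]))] += 1
    return {key: n for key, n in hits.items() if n >= threshold}

def _line(event, child, parent, ids):
    # Builds a constructed log line in the format shown in the thread.
    return (f"grsec: From 192.0.2.10: {event} {child} uid/euid:{ids} "
            f"gid/egid:{ids}, parent {parent} uid/euid:{ids} gid/egid:{ids}")

OVERSTEP = ("denied resource overstep by requesting 8191 for RLIMIT_NPROC "
            "against limit 8191 for")
FORKFAIL = "failed fork with errno -11 by"

# Constructed sample input (paths, PIDs and source address are made up).
SAMPLE = [
    _line(FORKFAIL, "/home/u/a.out[a.out:101]", "/home/u/a.out[a.out:11848]", "2/2"),
    _line(OVERSTEP, "/home/u/a.out[a.out:23916]", "/home/u/a.out[a.out:11848]", "2/2"),
    _line(FORKFAIL, "/home/u/a.out[a.out:23917]", "/home/u/a.out[a.out:11848]", "2/2"),
    _line(OVERSTEP, "/home/u/a.out[a.out:23918]", "/home/u/a.out[a.out:11848]", "2/2"),
    _line(FORKFAIL, "/usr/bin/make[make:500]", "/bin/bash[bash:412]", "1000/1000"),
    "kernel: eth0: link up",
]

if __name__ == "__main__":
    for (pid, comm, uid), n in fork_storm_parents(SAMPLE).items():
        print(f"parent {comm}[{pid}] uid={uid}: {n} fork-limit events")
```

Grouping by the parent PID rather than the child matters here because every failed attempt comes from a fresh child, while the parent stays the same across the whole run.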