
Re: [Full-disclosure] PWCK Overflow POC Code Redhat/Suse older versions or something (maybe later too)



Jesus H. Christ!

I never "claimed" to be a master at c coding or being
the greatest like this guy did and he *still*
hardcoded his shit and he's probably still mad.

My code was short and sweet and worked, and it just
demonstrated the bug. I never claimed to be a master
c-coder. In fact, I never claim/ed to know how to code
at all and people keep insisting I'm so good. :p

Everyone so far has gone off topic about the original
message which was the POC code about the PWCK program
that was flawed and then everyone decided to go dick
waving for NO REASON. Maybe it's because you guys
aren't getting laid or your anal adventures have had
some downtime, who knows. So, my code works, and if
people want to claim to be so good, go ahead-show us
something though and stop talking and thinking you are
so good.


d.
"Whitehats have the tendency to be scared/unable to
apply black arts and instead clasp their theories and
what ifs still never knowing what it was like to hack"


--- Valdis.Kletnieks@xxxxxx wrote:

> On Mon, 09 May 2005 10:09:59 PDT, Day Jay said:
> > We all saw how short the code was I had for that pwck
> > buffer overflow exploit. He also hardcodes the stack
> > pointer, hahah.
>
> Note that there's absolutely nothing wrong with hardcoding the
> stack pointer when the ABI makes it impossible for it to have
> any other value.  And if you actually knew C well enough to read
> the code, you'd see:
>
> /*------------------------------------------------------------------------
>  * "Addr" is the predicted address where the shellcode starts in the
>  * environment buffer. This was determined empirically based on a test
>  * program that ran similarly, and it ought to be fairly consistent.
>  * This can be changed with the "-a" parameter.
>  */
> static long   addr = 0x7ffffc04;
>
> So there's a default value, and a documented -a switch to change it if needed.
>
> Compare and contrast this with:
>
>   offset = 1700; //the offset I first found worked
>
> Who's doing the hardcoding here? Steve or the guy whose code you ripped off?
> 



        
                
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/