Please read it carefully, especially you, David1357.
I'm enabling core dumps for suid programs:
echo '1' >> /proc/sys/fs/suid_dumpable
Can a simple user do that without root access?
I'm doing my coursework and I'm cracking my Ubuntu 7.10 box ))
Could I be arrested for this? )
If I was cracking someone else's box, why would I need the core dumps
if I simply get all registers from gdb?
About chowning:
I already did that, but the core that is being dumped
takes root privileges when I'm executing the program as the user.
I'm trying to figure out why it's happening, but unsuccessfully.
Can anyone help me, please?
Here are logs to make it clearer:
m00n@crack3:~/w0rk$ ./retlib `perl -e 'print "\x42"x100'`
Exploiting via returnig into libc function
Segmentation fault (core dumped)
m00n@crack3:~/w0rk$ ls -ls core
148 -rw------- 1 root root 147456 2007-11-03 04:34 core
m00n@crack3:~/w0rk$ su
Password:
root@crack3:/home/m00n/w0rk# chown m00n:m00n core
root@crack3:/home/m00n/w0rk# exit
exit
m00n@crack3:~/w0rk$ ./retlib `perl -e 'print "\x41"x100'`
Exploiting via returnig into libc function
Segmentation fault (core dumped)
m00n@crack3:~/w0rk$ gdb -q -c core
(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
Core was generated by `./retlib BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'.
Program terminated with signal 11, Segmentation fault.
#0 0x42424242 in ?? ()
(gdb) q
As we can see, it doesn't change: there is a 'B' character
while there should be an 'A'.