A few days ago I was waiting for more results from one of the fuzzers. I decided to start
another VM - this time with Kali2 - and try to find a few bugs to play with...
...and that's how I found about 50 bugs in software installed on the box by default.
One of them is really simple to exploit to get a shell (not uid 0, but I thought it would also
be a cool exercise if you want to practice exploit writing). Try /usr/bin/jad to find out how.
The binary is pretty old, but - for fun - it's always a pleasure to exploit another bug. ;)
Check the screen below to see the whole process. I decided to add gdb-peda to Kali.
If you want, 'try it at home' ;)
The steps you take should probably look similar to:
- prepare a shellcode (I used the 24-byte shellcode from gdb-peda's default bank)
- find an offset
- find a RET
- enjoy your shell ;)
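A plain 24-byte stack shellcode with a hard-coded RET only works because the target is built without the usual mitigations (no NX stack, no PIE, no RELRO). Before spending time on offsets, it is worth knowing which default-installed binaries on a box are in that state; that is also the list a defender wants when deciding what to rebuild or remove. The following checksec-style reader is an added example written for this post, not part of the original post or of gdb-peda: it parses the ELF64 header and program headers directly (PT_GNU_STACK flags for NX, PT_GNU_RELRO for RELRO, ET_DYN for PIE) and runs on constructed sample headers when no path is given. The sample ELF images, the function names and the "no PT_GNU_STACK means executable stack" rule for legacy binaries are assumptions made here; stack-canary detection needs the symbol table and is deliberately left out.

```python
"""Minimal checksec-style mitigation reader for little-endian ELF64 (added example)."""
import struct
import sys

# Layouts from the ELF64 spec; '<' = little-endian, no padding.
ELF64_EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # 64 bytes
ELF64_PHDR = struct.Struct("<IIQQQQQQ")          # 56 bytes
PT_GNU_STACK = 0x6474E551  # GNU stack permissions segment
PT_GNU_RELRO = 0x6474E552  # GNU read-only-after-relocation segment
PF_X = 0x1                 # segment flag: executable
ET_EXEC, ET_DYN = 2, 3     # fixed-address executable vs. position-independent object


def check_mitigations(data: bytes) -> dict:
    """Return {'pie', 'nx', 'relro'} for the ELF64 image in `data`."""
    (e_ident, e_type, _machine, _version, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = ELF64_EHDR.unpack_from(data, 0)
    if e_ident[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if e_ident[4] != 2 or e_ident[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    stack_hdr_seen = False
    nx = False
    relro = False
    for i in range(e_phnum):
        p_type, p_flags, *_ = ELF64_PHDR.unpack_from(data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            stack_hdr_seen = True
            nx = not (p_flags & PF_X)  # stack is non-executable unless PF_X is set
        elif p_type == PT_GNU_RELRO:
            relro = True
    if not stack_hdr_seen:
        # Assumption used here: an old binary with no PT_GNU_STACK gets an
        # executable stack from the loader, so report NX as absent.
        nx = False
    # Caveat: ET_DYN also matches shared libraries, not only PIE executables.
    return {"pie": e_type == ET_DYN, "nx": nx, "relro": relro}


def check_file(path: str) -> dict:
    """Read only the headers we need from a binary on disk (constructed helper)."""
    with open(path, "rb") as fh:
        return check_mitigations(fh.read())


def build_sample_elf(pie: bool, exec_stack: bool, relro: bool, stack_header: bool = True) -> bytes:
    """Construct a header-only ELF64 image with the requested properties (constructed sample)."""
    phdrs = []
    if stack_header:
        phdrs.append((PT_GNU_STACK, 0x6 | (PF_X if exec_stack else 0)))  # RW or RWX
    if relro:
        phdrs.append((PT_GNU_RELRO, 0x4))
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + b"\0" * 7  # ELF64, LE, version 1
    ehdr = ELF64_EHDR.pack(
        e_ident, ET_DYN if pie else ET_EXEC, 0x3E, 1, 0x1000,
        ELF64_EHDR.size, 0, 0, ELF64_EHDR.size, ELF64_PHDR.size, len(phdrs), 0, 0, 0)
    body = b"".join(ELF64_PHDR.pack(t, f, 0, 0, 0, 0, 0, 0x10) for t, f in phdrs)
    return ehdr + body


def report(name: str, m: dict) -> str:
    flags = ", ".join(f"{k.upper()}={'yes' if v else 'NO'}" for k, v in m.items())
    return f"{name}: {flags}"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(report(path, check_file(path)))
    else:
        # Offline demo on constructed images: a legacy-style binary versus a hardened one.
        print(report("legacy-sample", check_mitigations(build_sample_elf(False, True, False))))
        print(report("hardened-sample", check_mitigations(build_sample_elf(True, False, True))))
```

Run it as `python3 elfcheck.py /usr/bin/jad /usr/bin/*` to list which installed binaries still ship without NX, PIE or RELRO; anything reported with `NX=NO` is a candidate for rebuilding with a current toolchain or for removal from a default image.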
If you have any questions, feel free to ask. I will answer as soon as possible.
Later I will try to post some more cases here... :)