Author: Sud0 Translator: riusksk (泉哥: http://riusksk.blogbus.com)
Preface

The author, Sud0, is a member of the Corelan security team (http://www.corelan.be:8800/index.php/security/corelan-team-members/ ) and has just won the Offensive Security Exploit Weekend (http://www.offensive-security.com/offsec/exploit-weekend/ ), an exploit-writing contest organized by Offensive Security. The challenge targeted a vulnerable version of Foxit Reader. Each contestant was first given a Proof of Concept exploit (https://www.exploit-db.com/exploits/15514 ), and it was stated explicitly that this was an overflow vulnerability through which access could be gained by controlling a structured exception handling record. Below is the announcement Offensive Security published on its official blog:

Aloha Offsec students! You’ve been slapped around by Bob, abused by Nicky and crushed by NNM. Just as you thought it was over, Offensive Security now comes up with a brand new type of pain. This one is for all you hardcore exploit developers out there, who want a real challenge – an Offsec “Exploit Weekend”.
This is the deal: We provide you with a proof of concept, with EIP handed to you on a golden platter. All you need to do is get a shell….muhahaha. The event will take place next weekend, 13th-14th of November and is open to Offsec alumni only. The first person to send in a working POC with a bindshell payload on port 4444 wins a 32 GB WiFi Ipad! For more information, check out the Offsec Student forms. If you haven’t signed up for the 1day club forums, send in an email to our orders dept. with your OSID!
See the attachment for the full details……