ahv | 13 years ago | on: Ask HN: What is this? 158268a350000000
ahv's comments
ahv | 14 years ago | on: Linux Local Privilege Escalation via SUID /proc/pid/mem Write
Or if you know the distro, it is trivial to get the package containing the su executable and locate the address.
ahv | 14 years ago | on: Linux Local Privilege Escalation via SUID /proc/pid/mem Write
Also works on Arch with minor modifications.
Had to change 'exit@plt' to '<exit@plt' where it searches for the relevant function and change the program run from /bin/su to /bin/mount.
Left one for the data ending with "f200000000", right one with "50000000". For these I just assumed the numbers were 64-bit little-endian integers.