( mn3monic | 2012. 01. 23., h – 13:30 )

[0:majki@arch] ~ % uname -a                                                           pts/0 | 13:15
Linux arch 3.1.5-1-ARCH #1 SMP PREEMPT Sat Dec 10 14:43:09 CET 2011 x86_64 Intel(R) Core(TM) i5-2415M CPU @ 2.30GHz GenuineIntel GNU/Linux
[0:majki@arch] ~ % whoami                                                             pts/0 | 13:15
majki
[0:majki@arch] ~ % ./mempodipper                                                      pts/0 | 13:15
===============================
=          Mempodipper        =
=           by zx2c4          =
=         Jan 21, 2012        =
===============================

[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/1315/mem in child.
[+] Sending fd 3 to parent.
[+] Received fd at 5.
[+] Assigning fd 5 to stderr.
[+] Reading su for exit@plt.
[+] Resolved exit@plt to 0x401ab8.
[+] Calculating su padding.
[+] Seeking to offset 0x401aaf.
[+] Executing su with shellcode.
[125:majki@arch] ~ % whoami                                                           pts/0 | 13:15
majki
[0:majki@arch] ~ % 

--

0:majki@arch] ~ % uname -a                                                           pts/0 | 13:29
Linux arch 3.2.1-1-ARCH #1 SMP PREEMPT Fri Jan 13 06:50:31 CET 2012 x86_64 Intel(R) Core(TM) i5-2415M CPU @ 2.30GHz GenuineIntel GNU/Linux
[0:majki@arch] ~ % whoami                                                             pts/0 | 13:29
majki
[0:majki@arch] ~ % ./mempodipper                                                      pts/0 | 13:29
===============================
=          Mempodipper        =
=           by zx2c4          =
=         Jan 21, 2012        =
===============================

[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/610/mem in child.
[+] Sending fd 3 to parent.
[+] Received fd at 5.
[+] Assigning fd 5 to stderr.
[+] Reading su for exit@plt.
[+] Resolved exit@plt to 0x401a60.
[+] Calculating su padding.
[+] Seeking to offset 0x401a57.
[+] Executing su with shellcode.
zsh: segmentation fault  ./mempodipper
[139:majki@arch] ~ % whoami                                                           pts/0 | 13:29
majki
[0:majki@arch] ~ % 

--
HUPbeszolas FF extension