Updated the shellcodez and targets in my hfsunsshd to include a working ROP chain for Solaris 11.0 (SunSSH 2.0) on x86. I had to re-write the shellcode for 11.0 as dup2() and execve() have different argument conventions on Solaris 11 systems, also had some additional NULL in the stack address required to mprotect(). I will not be adding more targets or architectures to this (at least publicly) as it now contains the most recent x86 Solaris systems - enjoy!
