"Converting a memory corruption into a nice weird machine is quite satisfying."
-- Mark Dowd
This repository contains all materials related to "My last Solaris talk (not your average keynote)" presented at #RomHack21 on September 25, 2021.
Related links:
https://youtu.be/Nc9ZLTb2hQ8 (video)
http://phrack.org/issues/70/13.html#article (article)
https://security.humanativaspa.it/my-last-solaris-talk-not-your-average-keynote/ (blog)
- Exploiting a Format String Bug in Solaris CDE. A Phrack article that expands on my presentation.
- raptor_dtprintcheckdir_sparc2.c. The Solaris/SPARC format string exploit I dissected during my presentation.
- raptor_dtprintcheckdir_sparc.c. Another version of the same exploit that targets function activation records.
- raptor_dtprintcheckdir_intel2.c. Solaris/Intel format string exploit.
- raptor_dtprintcheckdir_intel.c. Solaris/Intel stack-based buffer overflow exploit.