FORTIFY_SOURCE
Just out of interest, has anyone been playing with FC4 yet?
Still looking for a nice method to bypass all the FORTIFY_SOURCE junk..
makes life a pain..
teh_welshi
24-11-05, 17:09
Yeah, I wasn't too happy when I started playing around with FC4..
the randomisation on the stack makes life a nightmare..
All I can say is keep at it..
I heard buffer underflows were exploitable on FC4, can't say I've looked into it so take that one with a pinch of salt..
FC3 had its issues and since then, they hardened FC4 up. So like I say, best way is to look for any addr that is static and writeable.. lol but good luck on that one..
teh_welshi
24-11-05, 17:22
saying that, if you wanted to turn all the FC4 security junk off so you can write standard exploits (for the likes of Debian.. hahahaha) just turn off SELinux and do:
echo 1 > /proc/sys/vm/legacy_va_layout
echo 0 > /proc/sys/kernel/randomize_va_space
echo 0 > /proc/sys/kernel/exec-shield
and that'll sort you out so you can do the usual funky exploits..
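The three settings named in the post above can be checked read-only to see whether a host has been left in this weakened state. This is an added example, not part of the original thread; the function names, status labels and the optional root-directory argument are assumptions for illustration, and it flags only the values the post writes.

```shell
#!/bin/sh
# Added example: audit the three sysctl knobs named in the post above.
# Reads values only; never writes to /proc.

# check_knob ROOT RELPATH WEAK_VALUE
# Prints one status line; returns 1 if the knob holds the weakened value.
check_knob() {
    file="$1/$2"
    if [ ! -r "$file" ]; then
        # Not every kernel exposes every knob (exec-shield is a
        # Red Hat kernel patch), so a missing file is reported, not failed.
        echo "ABSENT $2"
        return 0
    fi
    val=$(tr -d '[:space:]' < "$file")
    if [ "$val" = "$3" ]; then
        echo "WEAK   $2 = $val"
        return 1
    fi
    echo "OK     $2 = $val"
    return 0
}

# audit_mitigations [ROOT]
# ROOT defaults to /proc/sys; pass another directory to audit a copy
# collected from a different machine.
# Return status is the number of knobs found in the weakened state.
audit_mitigations() {
    root="${1:-/proc/sys}"
    weak=0
    check_knob "$root" vm/legacy_va_layout 1       || weak=$((weak + 1))
    check_knob "$root" kernel/randomize_va_space 0 || weak=$((weak + 1))
    check_knob "$root" kernel/exec-shield 0        || weak=$((weak + 1))
    return "$weak"
}

# Usage: audit_mitigations; echo "weakened knobs: $?"
```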
What do I need to get this to work? :wink: