blob: a62e46465d3ff25d34649362ceb3cc30645d1139 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
pamh points here:
(gdb) x/256wx 0x29278
struct pam_item ps_item[PAM_MAX_ITEMS = 64]; (64 * 8 bytes = 0x200 bytes)
0x29278: 0x00000000 0x00000000 0x00028db0 0x00000005
0x29288: 0x00000000 0x00000000 0x0002b2a8 0x0000000a
0x29298: 0x00028e40 0x00000000 0x00028dd0 0x00000008
0x292a8: 0x00000000 0x00000000 0x00000000 0x00000000
0x292b8: 0x00000000 0x00000000 0x00028e50 0x00000007
0x292c8: 0x00000000 0x00000000 0x00000000 0x00000000
0x292d8: 0x00000000 0x00000000 0x00000000 0x00000000
0x292e8: 0x00000000 0x00000000 0x00000000 0x00000000
0x292f8: 0x00000000 0x00000000 0x00000000 0x00000000
0x29308: 0x00000000 0x00000000 0x00000000 0x00000000
0x29318: 0x00000000 0x00000000 0x00000000 0x00000000
0x29328: 0x00000000 0x00000000 0x00000000 0x00000000
0x29338: 0x00000000 0x00000000 0x00000000 0x00000000
0x29348: 0x00000000 0x00000000 0x00000000 0x00000000
0x29358: 0x00000000 0x00000000 0x00000000 0x00000000
0x29368: 0x00000000 0x00000000 0x00000000 0x00000000
0x29378: 0x00000000 0x00000000 0x00000000 0x00000000
0x29388: 0x00000000 0x00000000 0x00000000 0x00000000
0x29398: 0x00000000 0x00000000 0x00000000 0x00000000
0x293a8: 0x00000000 0x00000000 0x00000000 0x00000000
0x293b8: 0x00000000 0x00000000 0x00000000 0x00000000
0x293c8: 0x00000000 0x00000000 0x00000000 0x00000000
0x293d8: 0x00000000 0x00000000 0x00000000 0x00000000
0x293e8: 0x00000000 0x00000000 0x00000000 0x00000000
0x293f8: 0x00000000 0x00000000 0x00000000 0x00000000
0x29408: 0x00000000 0x00000000 0x00000000 0x00000000
0x29418: 0x00000000 0x00000000 0x00000000 0x00000000
0x29428: 0x00000000 0x00000000 0x00000000 0x00000000
0x29438: 0x00000000 0x00000000 0x00000000 0x00000000
0x29448: 0x00000000 0x00000000 0x00000000 0x00000000
0x29458: 0x00000000 0x00000000 0x00000000 0x00000000
0x29468: 0x00000000 0x00000000 0x00000000 0x00000000
pamtab * pam_conf_info[PAM_NUM_MODULE_TYPES = 4]; (4 * 4 bytes = 0x10 bytes)
0x29478: 0x000295c0 0x00029638 0x00029700 0x000296b0
0x29488: 0x0002b2d8 ; struct pam_module_data *ssd;
0x2948c: 0x00028e70 ; fd_list * fd;
0x29490: 0x00000000 ; env_list * pam_env;
0x29494: 0x00000000 ; char * pam_client_message_version_number;
pamtab, pam_conf_info[0]:
"login" AUTH REQUIRED "/usr/lib/security/pam_unix.so.1"
0x295c0: 0x00028de0 0x00000000 0x00000001 0x000295e8
0x295d0: 0x00000000 0x00000000 0x00028e60 0x00029610
pamtab, pam_conf_info[1]:
"login" ACCOUNT REQUISITE "/usr/lib/security/pam_roles.so.1"
0x29638: 0x00028e10 0x00000001 0x00000008 0x0002a038
0x29648: 0x00000000 0x00000000 0x00000000 0x00029660
pamtab, pam_conf_info[2]:
"other" PASSWORD REQUIRED "/usr/lib/security/pam_unix.so.1"
0x29700: 0x00028e30 0x00000002 0x00000001 0x00029728
0x29710: 0x00000000 0x00000000 0x00000000 0x00000000
pamtab, pam_conf_info[3]:
"other" SESSION REQUIRED "/usr/lib/security/pam_unix.so.1"
0x296b0: 0x00028e20 0x00000003 0x00000001 0x000296d8
0x296c0: 0x00000000 0x00000000 0x00000000 0x00000000
pam_conf_info[0]->function_ptr:
0x28e60: 0xef4d4a70 0x00000000 0x00000009 0x00000000
0x28e70: 0xef6f060c 0x00028e90 0x00000009 0x00000000
0x28e80: 0xef4b091c 0x00000000 0x00000009 0x00000000
0x28e90: 0xef6f0c50 0x00000000 0x00000009 0x00000000
0x28ea0: 0x00028eb0 0xefffb1f0 0x00000009 0x00000000
0x28eb0: 0x00000000 0x00000000 0x00000009 0x00000000
pamh ->
[512 * NULL] ps_item, ps_item[2] = { "foo", 3 }
[pameptr] pam_conf_info[0] (AUTH)
[3 * NULL] pam_conf_info[1-3]
[NULL] ssd
[NULL] fd
[NULL] pam_env
[NULL] pam_client_message_version_number
pameptr ->
[NULL] pam_service
[NULL] pam_type
[NULL] pam_flag
[NULL] module_path
[NULL] module_argc
[NULL] module_argv
[pamfptr] function_ptr
pamfprt ->
[entry] pm_sm_authenticate()
entry -> shellcode
|
