
buffer of flow8

[LOB] death_knight
The long journey has finally come to an end.
[death_knight@localhost death_knight]$ ls
dropped_item.txt
[death_knight@localhost death_knight]$ cat ./dropped_item.txt
You're so great! This is a token to the next gate.
,. ,' `. ,' __ `. ,'.-'____`-.`. ,'_.-'' ``-._`. ,',' /\ `.`. ,' /.._ O / \ O _.,\ `. ,'/ / \ ``-;.--.:-'' / \ \`. ,' : : \ /\`.,'/\ / : : `. () `. : : / \/,'`.\/ \ ; ; ,' `.\ \ /_..-:`--';-..
2016. 12. 9.
[LOB] xavius -> death_knight
/*
    The Lord of the BOF : The Fellowship of the BOF
    - dark knight
    - remote BOF
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
main()
{
    char buffer[40];
    int server_fd, client_fd;
    struct sockaddr_in server_addr;
    struct sockaddr_in client_addr;
    int sin_size;
    if((server_fd = socket(AF_INET, SOCK_STREAM, 0)) == -1){
        perror("socket");
        exit(1);
    }
    server_addr.sin_family = A..
2016. 12. 9.
[LOB] nightmare -> xavius
/*
    The Lord of the BOF : The Fellowship of the BOF
    - xavius
    - arg
*/
#include
#include
#include
main()
{
    char buffer[40];
    char *ret_addr;
    // overflow!
    fgets(buffer, 256, stdin);
    printf("%s\n", buffer);
    if(*(buffer+47) == '\xbf')
    {
        printf("stack retbayed you!\n");
        exit(0);
    }
    if(*(buffer+47) == '\x08')
    {
        printf("binary image retbayed you, too!!\n");
        exit(0);
    }
    // check if the ret_addr is library function or..
2016. 12. 8.
[LOB] succubus -> nightmare
/*
    The Lord of the BOF : The Fellowship of the BOF
    - nightmare
    - PLT
*/
#include
#include
#include
#include
main(int argc, char *argv[])
{
    char buffer[40];
    char *addr;
    if(argc < 2){
        printf("argv error\n");
        exit(0);
    }
    // check address
    addr = (char *)&strcpy;
    if(memcmp(argv[1]+44, &addr, 4) != 0){
        printf("You must fall in love with strcpy()\n");
        exit(0);
    }
    // overflow!
    strcpy(buffer, argv[1]);
    printf("%s\n..
2016. 12. 8.