Re: What's this C code?
From: tide (tide@thunderchick.com)Date: 07/26/02
- Previous message: pargmarj@asc.hpc.mil: "Re: how to tell when a file was last read"
- In reply to: Britt A. Green: "What's this C code?"
- Next in thread: pargmarj@asc.hpc.mil: "Re: What's this C code?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: tide <tide@thunderchick.com> To: "Britt A. Green" <bugtraq@experimentzero.org> Date: 26 Jul 2002 18:13:01 +0200
Hi there...
What you see below is more or less what you see, when you open an
executable in a hex editor... machine code (here it's written in a
special way, so the c compiler treats it the right way). These bunch of
numbers are raw instructions for the processor to do 'something'.
In order to gain remote access over a system, you have to tell it to
open a port where the system's listening so you can login and do
whatever you want. To achieve this, you usually exploit some buffer
overflow by sending a lot of trash input data plus something like the
stuff below appended to the trash, overwriting the instruction pointer
to point at the place where your shellcode is located in the stack. The
shellcode is then being executed and opens a connection for you to login
or delete files or (you name it, there are no limits... almost).
I tried writing this in a way, everyone with c and pc architecture
knowledge should understand. If you didn't you should go and learn about
assembler, the stack, the cpu registers, the instruction pointer etc...
Here's the classic lecture on buffer overflows: Smashing The Stack For
Fun And Profit (http://www.phrack.org/show.php?p=49&a=14)
Am Mit, 2002-07-24 um 21.28 schrieb Britt A. Green:
> I'll occasionally see C code come thru on bugtraq detailing an exploit.
> Often it will include several portions of code, like the sample below. Why
> does this array use hex? What's the purpose of it? Just curious, I guess....
>
> long shellcode[]=
> {
> 0x4151c931,0x51514151,0x61b0c031,0x078980cd,
> 0x4f88c931,0x0547c604,0x084f8902,0x0647c766,
> 0x106a391b,0x5004478d,0x5050078b,0x68b0c031,
> 0x016a80cd,0x5050078b,0x6ab0c031,0xc93180cd,
> 0x078b5151,0xc0315050,0x80cd1eb0,0xc9310789,
> 0x50078b51,0xb0c03150,0x4180cd5a,0x7503f983,
> 0x5b23ebef,0xc9311f89,0x89074b88,0x8d51044f,
> 0x078b5007,0xc0315050,0x80cd3bb0,0x5151c931,
> 0x01b0c031,0xd8e880cd,0x2fffffff,0x2f6e6962,
> 0x90416873
> };
>
> --
> "My mom says I'm cool."
>
- Previous message: pargmarj@asc.hpc.mil: "Re: how to tell when a file was last read"
- In reply to: Britt A. Green: "What's this C code?"
- Next in thread: pargmarj@asc.hpc.mil: "Re: What's this C code?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
