Re: sample buffer overflow exploit problem
From: sohlow (sohlow_at_hushmail.com)
Date: 09/29/03
- Previous message: Luigi Auriemma: "Format string bug in Half-Life client, but is it really exploitable???"
- Maybe in reply to: Ganbold: "sample buffer overflow exploit problem"
- Next in thread: Ganbold: "RE: sample buffer overflow exploit problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Sep 2003 12:19:10 -0700
To: ganbold@micom.mng.net
>Is there any way I can generate shellcodes in FreeBSD?
a good tute to check out [for bsd/unix asm development] is at
http://www.int80h.org/bsdasm/
next thing you'd need to do is find a list of the syscalls you
wanna use. use the src as a last resort.
sohlow
>From: Ganbold <ganbold@micom.mng.net>
>To: vuln-dev@securityfocus.com
>Subject: sample buffer overflow exploit problem
>Date: Sat, 27 Sep 2003 16:54:59 +0900
>
>Hi,
>
>I'm very new to buffer overflow exploit techniques and my boss wants me to
>thoroughly understand
>how it works. I'm trying to exploit sample network server in FreeBSD 5.1
>for this purpose.
>When I try to exploit using execve /bin/sh (shellcode1), it works and
>launches the shell in the remote machine.
>However when I try to use port binding shell code, it binds shell to the
>port, but when I try to connect to
>it, it just closes the connection. Also I can't connect to bind port after
>sending buffer using following code snippets:
>..............
> printf("[-] Connecting to bindshell...\n");
> remote.sin_family = AF_INET;
> remote.sin_addr = *((struct in_addr *)host->h_addr);
> remote.sin_port = htons(12345);
> if (connect(s, (struct sockaddr *)&remote, sizeof(remote)) == -1)
> {
>     close(s);
>     fprintf(stderr, "Error: connect\n");
>     return -1;
> }
> exec_sh(s);
>...............
>
>I would appreciate it if somebody could give me some help to solve this test problem.
>Is there anywhere I can find detailed explanation about buffer overflows
>and working sample network exploits?
>Is there any way I can generate shellcodes in FreeBSD?
>
>I attached my sample server code and exploit code.
>
>thanks in advance,
>
>Ganbold Ts,
>
>senior programmer,
>Micom Co., Ltd
>Ulaanbaatar,
>Mongolia