Re: buffer overflow to spawn shell

From: Gareth Bromley (gbromley_at_intstar.com)
Date: 02/02/05

    Date: Wed, 02 Feb 2005 21:20:34 GMT
    
    

    coollink wrote:
    > Payton, what he's telling you is you need to rename the program
    > name (which is the string stored in argv[0]) to be a buffer with your
    > NOP sled and shellcode in it. The way I'd exploit would be to rename it
    > with this command:
    > mv "execname" `perl -e 'print "\x90"xhoweverlongnopsledis;'``cat
    > shellcode`
    > Of course this command implies you have a plain file in the directory
    > called shellcode with your shellcode in it.
    > If you can't create a file in the directory, change the command to be
    > mv "execname" `perl -e 'print
    > "\x90"xhoweverbignopsledis;'`blahblahblah<------shellcode here instead
    > of blahs.
    And the other thing to watch out for is to ensure that the shellcode you
    use consists of printable ASCII instructions.

    A good set of texts on this is contained within 'HACKING The Art of
    Exploitation' by Jon Erickson.

