Re: buffer overflow to spawn shell
From: Gareth Bromley (gbromley_at_intstar.com)
Date: Wed, 02 Feb 2005 21:20:34 GMT
> Payton, what he's telling you is you need to rename the program
> name (which is the string stored in argv) to be a buffer with your
> nop sled and shellcode in it. The way I'd exploit would be to rename it
> with this command:
> mv "execname" `perl -e 'print "\x90"xhoweverlongnopsledis;'``cat
> of course this command implies you have a plain file in the directory
> called shellcode with your shellcode in it.
> If you can't create a file in the directory, change the command to be
> mv "execname" `perl -e 'print
> "\x90"xhoweverbignopsledis;'`blahblahblah<------shellcode here instead
> of blahs.
And the other thing to watch out for is to ensure that the shellcode you
use consists of printable ASCII instructions.
A good set of texts on this is contained within 'HACKING The Art of
Exploitation' by Jon Erickson.
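The thread's underlying point is that argv[0] is not a trustworthy program name: it is simply whatever string the caller handed to execve(), and the `mv` trick above only makes the shell pass a file name of the attacker's choosing. The following C helper is an added example, not code from this thread or from the book it cites; it shows the defensive counterpart, treating argv[0] as untrusted input, bounding the copy into a fixed buffer and rejecting names that are over-long or contain non-printable bytes (the `copy_program_name` and `check_program_name` names and the 16-byte buffer size are this example's own choices).

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Added example: argv[0] is caller-controlled and of arbitrary length, so a
 * program that copies it into a fixed-size buffer with strcpy() trusts input
 * it does not own. This helper bounds the copy and validates the content. */

enum argv0_status {
    ARGV0_OK = 0,
    ARGV0_NULL = -1,          /* execve() may pass an empty argv, so argv[0] can be NULL */
    ARGV0_TOO_LONG = -2,      /* no terminator within the destination buffer */
    ARGV0_NONPRINTABLE = -3   /* raw bytes such as 0x90 are not a plausible file name */
};

/* Copy argv0 into dst (capacity dstsz) only if it is a sane program name.
 * Returns ARGV0_OK on success or a negative status without touching dst. */
int copy_program_name(char *dst, size_t dstsz, const char *argv0)
{
    if (argv0 == NULL || dst == NULL || dstsz == 0)
        return ARGV0_NULL;

    /* Look for the terminator only inside the space we have; never walk past it. */
    const char *end = memchr(argv0, '\0', dstsz);
    if (end == NULL)
        return ARGV0_TOO_LONG;
    size_t n = (size_t)(end - argv0);

    for (size_t i = 0; i < n; i++) {
        if (!isprint((unsigned char)argv0[i]))
            return ARGV0_NONPRINTABLE;
    }

    memcpy(dst, argv0, n + 1);   /* n + 1 <= dstsz, terminator included */
    return ARGV0_OK;
}

/* Convenience wrapper with a deliberately small (hypothetical) 16-byte buffer,
 * so the length limit is easy to exercise. */
int check_program_name(const char *argv0)
{
    char name[16];
    return copy_program_name(name, sizeof name, argv0);
}

int main(int argc, char **argv)
{
    char name[64];
    int rc = copy_program_name(name, sizeof name, argc > 0 ? argv[0] : NULL);
    if (rc != ARGV0_OK) {
        fprintf(stderr, "refusing untrusted argv[0] (status %d)\n", rc);
        return 1;
    }
    printf("running as %s\n", name);
    return 0;
}
```

Run as `./prog`, the check passes; a process started with an over-long or binary argv[0] is refused before the name reaches any fixed-size buffer, which is the simplest way to close the specific input channel the thread is discussing.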