[BOF원정대/Fedora4] dark_stone -> cruel

/*
	The Lord of the BOF : The Fellowship of the BOF
	- cruel
	- Local BOF on Fedora Core 4
	- hint : no more fake ebp, RET sleding on random library
*/

#include
#include
#include

int main(int argc, char *argv[])
{
	char buffer[256];

	if(argc & result
$ xxd result | grep cve -A 4
...
0000640: 6563 7665 2822 85c0 7553 65a1 5422 2c20 ecve("..uSe.T",
0000650: 5b30 5d2c 205b 2f2a 2030 2076 6172 7320 [0], [.. 더보기

[BOF원정대/Fedora3] evil_wizard -> dark_stone

/*
	The Lord of the BOF : The Fellowship of the BOF
	- dark_stone
	- Remote BOF on Fedora Core 3
	- hint : GOT overwriting again
	- port : TCP 8888
*/

#include

// magic potion for you
void pop_pop_ret(void)
{
	asm("pop %eax");
	asm("pop %eax");
	asm("ret");
}

int main()
{
	char buffer[256];
	char saved_sfp[4];
	int length;
	char temp[1024];

	printf("dark_stone : how fresh meat you are!\n");
	printf("you : ");.. 더보기

[BOF원정대/Fedora3] hell_fire -> evil_wizard

/*
	The Lord of the BOF : The Fellowship of the BOF
	- evil_wizard
	- Local BOF on Fedora Core 3
	- hint : GOT overwriting
*/

// magic potion for you
void pop_pop_ret(void)
{
	asm("pop %eax");
	asm("pop %eax");
	asm("ret");
}

int main(int argc, char *argv[])
{
	char buffer[256];
	char saved_sfp[4];
	int length;

	if(argc 더보기