
2014/0712

[LOB_FC3] dark_eyes -> hell_fire
#Env - NX - ASCII armor - random stack
#Technique - do_system RTL
hell_fire.c 소스
/* The Lord of the BOF : The Fellowship of the BOF - hell_fire - Remote BOF on Fedora Core 3 - hint : another fake ebp or got overwriting - port : TCP 7777 */ #include int main() { char buffer[256]; char saved_sfp[4]; char temp[1024]; printf("hell_fire : What's this smell?\n"); printf("you : "); fflush(stdout); // give ..
2014. 7. 12.
[LOB_FC3] iron_golem -> dark_eyes
#Env - NX - ASCII armor - random stack
#Technique - &ret sled로 RTL 인자 구성
dark_eyes.c 소스
[iron_golem@Fedora_1stFloor ~]$ cat dark_eyes.c /* The Lord of the BOF : The Fellowship of the BOF - dark_eyes - Local BOF on Fedora Core 3 - hint : RET sleding */ int main(int argc, char *argv[]) { char buffer[256]; char saved_sfp[4]; if(argc < 2){ printf("argv error\n"); exit(0); } // save sfp memcpy(saved_sfp,..
2014. 7. 12.
[Rookiss] fsb
fsb.c 소스
#include #include #include unsigned long long key; char buf[100]; char buf2[100]; int fsb(char** argv, char** envp){ char* args[]={"/bin/sh", 0}; int i; char*** pargv = &argv; char*** penvp = &envp; char** arg; char* c; for(arg=argv;*arg;arg++) for(c=*arg; *c;c++) *c='\0'; for(arg=envp;*arg;arg++) for(c=*arg; *c;c++) *c='\0'; *pargv=0; *penvp=0; for(i=0; i
2014. 7. 7.
[LOB_FC3] gate -> iron_golem
#Env - NX - ASCII armor - random stack
#Technique - &ret sled로 RTL 인자 구성
iron_golem.c 소스
[gate@Fedora_1stFloor ~]$ cat iron_golem.c /* The Lord of the BOF : The Fellowship of the BOF - iron_golem - Local BOF on Fedora Core 3 - hint : fake ebp */ int main(int argc, char *argv[]) { char buffer[256]; if(argc < 2){ printf("argv error\n"); exit(0); } strcpy(buffer, argv[1]); printf("%s\n", buffer); } 1] ..
2014. 7. 5.