Hacking - The Art of Exploitation, 2nd Edition
Exploitation 147 reader@hacking:~/booksrc $ ./notesearch $(perl -e 'print "\x46\xff\xff\xbf"x40') [DEBUG] found a 34 byte note f ...
148 0x300 int main(int argc, char *argv[]) { char *ptr; if(argc < 3) { printf("Usage: %s <environment var> <target p ...
Exploitation 149 signal(SIGINT, sigint); signal(SIGQUIT, sigquit); return(ret); } The important part of this function is shown i ...
150 0x300 char *buffer = (char *) malloc(160); ret = 0xbffffffa - (sizeof(shellcode)-1) - strlen("./notesearch"); for(i=0; i < ...
Exploitation 151 Under normal conditions, the buffer allocation is located at 0x804a008, which is before the datafile allocation ...
152 0x300 b7e99000-b7e9a000 rw-p b7e99000 00:00 0 b7e9a000-b7fd5000 r-xp 00000000 07:00 15795 /rofs/lib/tls/i686/cmov/libc-2.5.s ...
Exploitation 153 A string is read until a null byte is encountered, so the entire string is written to the file as the userinput ...
154 0x300 for that user. Using the salt value from the stored encrypted password, the system uses the same one-way hashing algor ...
Exploitation 155 be difficult to access this account and obtain root access, as the following output shows. reader@hacking:~/boo ...
156 0x300 0x342 Overflowing Function Pointers If you have played with the game_of_chance.c program enough, you will realize that ...
Exploitation 157 if((choice < 1) || (choice > 7)) printf("\n[!!] The number %d is an invalid selection.\n\n", choice); els ...
158 0x300 7 - Quit [Name: Jon Erickson] [You have 60 credits] -> [1]+ Stopped ./game_of_chance reader@hacking:~/booksrc $ You ...
Exploitation 159 Enter your new name: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ...
160 0x300 0804b630 A _edata 0804b6d4 A _end 080496a0 T _fini 080496c0 R _fp_hw 08048484 T _init 080485c0 T _start 080485e4 t cal ...
Exploitation 161 input. These selections will be made as if they were typed. The following example will choose menu item 1, try ...
162 0x300 n 5 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAp? 1 n 7 read ...
Exploitation 163 [DEBUG] current_game pointer @ 0x08048d70 +++++ JACKPOT +++++ You have won the jackpot of 100 credits! You now ...
164 0x300 6 - Reset your account at 100 credits 7 - Quit [Name: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ...
Exploitation 165 You now have 730 credits Would you like to play again? (y/n) [DEBUG] current_game pointer @ 0x08048d70 +++++ JA ...
166 0x300 [Name: Jon Erickson] [You have 1230 credits] -> Thanks for playing! Bye. reader@hacking:~/booksrc $ As you might ha ...
«
4
5
6
7
8
9
10
11
12
13
»
Free download pdf