Hacking - The Art of Exploitation, 2nd Edition


Since the notesearch exploit allows an optional command-line argument to define the offset, different offsets can quickly be tested.


reader@hacking:~/booksrc $ gcc exploit_notesearch.c
reader@hacking:~/booksrc $ ./a.out 100
-------[ end of note data ]-------
reader@hacking:~/booksrc $ ./a.out 200
-------[ end of note data ]-------
reader@hacking:~/booksrc $


However, doing this manually is tedious and stupid. BASH also has a for loop that can be used to automate this process. The seq command is a simple program that generates sequences of numbers, which is typically used with looping.


reader@hacking:~/booksrc $ seq 1 10
1
2
3
4
5
6
7
8
9
10
reader@hacking:~/booksrc $ seq 1 3 10
1
4
7
10
reader@hacking:~/booksrc $


When only two arguments are used, all the numbers from the first argument to the second are generated. When three arguments are used, the middle argument dictates how much to increment each time. This can be used with command substitution to drive BASH’s for loop.


reader@hacking:~/booksrc $ for i in $(seq 1 3 10)
do
echo The value is $i
done
The value is 1
The value is 4
The value is 7
The value is 10
reader@hacking:~/booksrc $
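
The seq-driven loop above, wrapped into a reusable function that records which values made a command succeed. This is an added example, not code from the book; `sweep` and `is_multiple_of_four` are hypothetical names, and the predicate is a constructed stand-in for the command under test.

```shell
#!/bin/bash
# sweep FIRST STEP LAST CMD [ARGS...]
# Runs "CMD ARGS... VALUE" once for every VALUE that seq generates and
# prints, space-separated, the values for which CMD exited with status 0.
# The body is a subshell ( ... ), so its variables stay out of the caller.
sweep() (
    if [ "$#" -lt 4 ]; then
        echo "usage: sweep FIRST STEP LAST CMD [ARGS...]" >&2
        return 2
    fi
    first=$1 step=$2 last=$3
    shift 3

    # Accept only plain integers: arguments are checked before seq sees them.
    for n in "$first" "$step" "$last"; do
        case $n in
            ''|-|*[!0-9-]*|?*-*)
                echo "sweep: not an integer: $n" >&2
                return 2 ;;
        esac
    done

    hits=""
    # Command substitution captures seq's newline-separated output; the
    # unquoted $(...) is word-split, so the loop sees one number per pass.
    for i in $(seq "$first" "$step" "$last"); do
        if "$@" "$i" >/dev/null 2>&1; then
            hits="$hits${hits:+ }$i"
        fi
    done
    echo "$hits"
)

# Constructed stand-in predicate: succeeds when its argument divides by 4.
is_multiple_of_four() {
    [ $(( $1 % 4 )) -eq 0 ]
}

# seq 1 3 10 yields 1 4 7 10; only 4 satisfies the predicate.
sweep 1 3 10 is_multiple_of_four
```
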

