level 3 -> 4

```c
/* The Lord of the BOF : The Fellowship of the BOF - orc - egghunter */
#include <stdio.h>
#include <stdlib.h>

extern char **environ;

main(int argc, char *argv[]) {
    char buffer[40];
    int i;

    if(argc < 2){
        printf("argv error\n");
        exit(0);
    }

    // egghunter
    for(i=0; environ[i]; i++)
        memset(environ[i], 0, strlen(environ[i]));

    if(argv[1][47] != '\xbf') {
        printf("stack is still your friend.\n");
        exit(0);
    }

    strcpy(buffer, argv..
```

level 2 -> 3

```
[cobolt@localhost cobolt]$ cat goblin.c
/* The Lord of the BOF : The Fellowship of the BOF - goblin - small buffer + stdin*/
int main(){
    char buffer[16];
    gets(buffer);
    printf("%s\n", buffer);
}

Dump of assembler code for function main:
0x80483f8 :push %ebp
0x80483f9 :mov %ebp,%esp
0x80483fb :sub %esp,16
0x80483fe :lea %eax,[%ebp-16]
0x8048401 :push %eax
0x8048402 :call 0x804830c
0x8048407 :add %esp,4
0x..
```

level 1 -> 2

```
[gremlin@localhost gremlin]$ cat cobolt.c
/* The Lord of the BOF : The Fellowship of the BOF - cobolt - small buffer*/
int main(int argc, char *argv[]){
    char buffer[16];
    if(argc < 2){
        printf("argv error\n");
        exit(0);
    }
    strcpy(buffer, argv[1]);
    printf("%s\n", buffer);
}

(gdb) disas main
Dump of assembler code for function main:
0x8048430 :push %ebp
0x8048431 :mov %ebp,%esp
0x8048433 :sub %esp,16
0x8048..
```