Nmap Development mailing list archives

RE: Finding real host in Nmap -D Scans


From: Alexander Bartolich <alexander.bartolich () gmx at>
Date: Tue, 4 Mar 2003 09:27:38 +0100 (MET)

John W. Lampe wrote:
[...]
> Do you know the base address of the Global Offset Table (GOT) on a
> Solaris 8 box?
> CORE IMPACT does.

Sure. What's the problem?
Get an account on cf.sourceforge.net.
Log in to box M. or N., then type:

$ greadelf -S /bin/sh | sed -ne '4p' -e '/\.got/p'
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [16] .got              PROGBITS        00036000 016000 000004 04  WA   0  0 8192

The base address of the code segment is 0x10000, the other line is the data
segment.

$ greadelf -l /bin/sh | sed -ne '7p' -e '/LOAD/p'
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x00010000 0x00000000 0x15a57 0x15a57 R E 0x10000
  LOAD           0x016000 0x00036000 0x00000000 0x00f66 0x03aec RWE 0x10000

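Added example (not part of the original post, and not Nmap or CORE IMPACT code): the same lookup done by reading the ELF32 section and program header tables directly, reporting a section's address and the permissions of the LOAD segment that contains it. The names `find_section` and `build_sample` are made up here, and the sample image is a constructed header-only stub carrying the values from the greadelf output in the post.

```python
import struct

def find_section(elf: bytes, wanted: str = ".got"):
    """Return (addr, size, perms of the containing LOAD segment) for a section of an ELF32 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1:
        raise ValueError("not an ELF32 image")
    end = {1: "<", 2: ">"}[elf[5]]  # EI_DATA: 1 = little-endian, 2 = big-endian
    # e_phoff .. e_shstrndx start at byte 28 of the ELF32 header
    (phoff, shoff, _flags, _ehsize, phentsize, phnum,
     shentsize, shnum, shstrndx) = struct.unpack_from(end + "3I6H", elf, 28)

    def shdr(i):  # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, ...
        return struct.unpack_from(end + "10I", elf, shoff + i * shentsize)

    strtab = shdr(shstrndx)[4]  # file offset of the section-name string table
    for i in range(shnum):
        name, _type, _shflags, addr, _off, size = shdr(i)[:6]
        start = strtab + name
        if elf[start:elf.index(b"\0", start)] == wanted.encode():
            break
    else:
        return None  # no such section
    for i in range(phnum):
        p_type, _o, vaddr, _pa, _fsz, memsz, pflags, _al = struct.unpack_from(
            end + "8I", elf, phoff + i * phentsize)
        if p_type == 1 and vaddr <= addr < vaddr + memsz:  # PT_LOAD covering the section
            perms = "".join(c if pflags & bit else "-" for c, bit in (("R", 4), ("W", 2), ("E", 1)))
            return addr, size, perms
    return addr, size, None

def build_sample() -> bytes:
    """Constructed big-endian ELF32 stub: headers only, values copied from the post's output."""
    names = b"\0.got\0.shstrtab\0"
    phdrs = (struct.pack(">8I", 1, 0, 0x10000, 0, 0x15a57, 0x15a57, 5, 0x10000)        # R E
             + struct.pack(">8I", 1, 0x16000, 0x36000, 0, 0xf66, 0x3aec, 7, 0x10000))  # RWE
    names_off = 52 + len(phdrs)
    shdrs = (bytes(40)                                                      # null section
             + struct.pack(">10I", 1, 1, 3, 0x36000, 0x16000, 4, 0, 0, 8192, 4)      # .got
             + struct.pack(">10I", 6, 3, 0, 0, names_off, len(names), 0, 0, 1, 0))   # .shstrtab
    ehdr = b"\x7fELF\x01\x02\x01" + bytes(9) + struct.pack(
        ">2H5I6H", 2, 2, 1, 0x10000, 52, names_off + len(names), 0, 52, 32, 2, 40, 3, 2)
    return ehdr + phdrs + names + shdrs

if __name__ == "__main__":
    addr, size, perms = find_section(build_sample())
    print(f".got at {addr:#010x}, {size} bytes, containing segment {perms}")
```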