Re: relro, aslr & stuff: msg#00035 security.dailydave
On Tue, Apr 17, 2007 at 03:02:32PM +0200, Sebastian Krahmer wrote:
>
> Yo,
>
> For those who are in Linux exploitation:
>
> http://c-skills.blogspot.com/2007/04/relro.html

On a related note:

---
/*
 * 0xbadc0ded.org Challenge #02 (2003-07-08)
 *
 * Joel Eriksson <je@xxxxxxxxxxxxxx>
 */

#include <string.h>
#include <stdlib.h>
#include <stdio.h>

unsigned long val = 31337;
unsigned long *lp = &val;

int main(int argc, char **argv)
{
        unsigned long **lpp = &lp, *tmp;
        char buf[128];

        if (argc != 2)
                exit(1);

        strcpy(buf, argv[1]);

        if (((unsigned long) lpp & 0xffff0000) != 0x08040000)
                exit(2);

        tmp = *lpp;
        **lpp = (unsigned long) &buf;
        *lpp = tmp;

        exit(0);
}
---

I knew the technique would turn out to be useful someday. ;)

> l8er,
> Sebastian

--
Best Regards,
  Joel Eriksson
  CTO Bitsec AB