
Untitled

a guest
Oct 23rd, 2016
  1. $ radare2 secure_shell.elf
  2. Warning: Cannot initialize dynamic strings
  3.  -- Here be dragons.
  4. [0x08048d0a]> aaa
  5. [x] Analyze all flags starting with sym. and entry0 (aa)
  6. [x] Analyze len bytes of instructions for references (aar)
  7. [x] Analyze function calls (aac)
  8. [ ] [*] Use -AA or aaaa to perform additional experimental analysis.
  9. [x] Constructing a function name for fcn.* and sym.func.* functions (aan))
  10. [0x08048d0a]> iz~Access
  11. vaddr=0x080becfe paddr=0x00076cfe ordinal=005 sz=15 len=14 section=.rodata type=ascii string=Access denied.
  12. vaddr=0x080d9c40 paddr=0x00091c40 ordinal=1238 sz=37 len=36 section=.rodata type=ascii string=Accessing a corrupted shared library
  13. [0x08048d0a]> axt 0x080becfe
  14. data 0x8048f3e mov dword [esp], str.Access_denied. in fcn.08048f09
  15. [0x08048d0a]> pdf @ fcn.08048f09
  16. - (fcn) fcn.08048f09 233
  17. |   fcn.08048f09 (); prompts for a file name, passes it to the filter fcn.08048ea2, and on acceptance appears to open the file and copy it out in 0x100-byte chunks; the binary's library calls are unnamed, so the libc roles noted below are inferred from argument shapes — confirm
  18. |           ; var int local_210h @ ebp-0x210 ; chunk buffer: first argument to fcn.0804fc10 and fcn.0804fd30 in the loop
  19. |           ; var int local_110h @ ebp-0x110 ; file-name buffer: filled by fcn.08050040, checked by fcn.08048ea2, passed to fcn.0804fbe0
  20. |           ; var int local_10h @ ebp-0x10 ; return value of fcn.0804fc10 (presumably the number of bytes read)
  21. |           ; var int local_ch @ ebp-0xc ; return value of fcn.0804fbe0 (presumably a FILE* handle; 0 means failure)
  22. |           ; var int local_0h @ ebp-0x0
  23. |           ; CALL XREF from 0x08049059 (fcn.08048ff2)
  24. |           0x08048f09      55             push ebp
  25. |           0x08048f0a      89e5           mov ebp, esp
  26. |           0x08048f0c      81ec28020000   sub esp, 0x228
  27. |           0x08048f12      c70424ebec0b.  mov dword [esp], str._nEnter_file_name: ; [0x80beceb:4]=0x746e450a LEA str._nEnter_file_name: ; str._nEnter_file_name:
  28. |           0x08048f19      e822650000     call fcn.0804f440 ; presumably a printf-style print of the prompt — confirm
  29. |           0x08048f1e      8d85f0feffff   lea eax, [ebp - local_110h]
  30. |           0x08048f24      890424         mov dword [esp], eax
  31. |           0x08048f27      e814710000     call fcn.08050040 ; NOTE(review): only a destination pointer is passed, no length; if this is a gets()-style reader the write into the buffer at ebp-0x110 is unbounded — confirm, and bound the read to the buffer size
  32. |           0x08048f2c      8d85f0feffff   lea eax, [ebp - local_110h]
  33. |           0x08048f32      890424         mov dword [esp], eax
  34. |           0x08048f35      e868ffffff     call fcn.08048ea2 ; file-name filter: returns 1 to allow, 0 to reject
  35. |           0x08048f3a      85c0           test eax, eax
  36. |       ,=< 0x08048f3c      7511           jne 0x8048f4f ; non-zero = accepted, skip the denial message
  37. |       |   0x08048f3e      c70424feec0b.  mov dword [esp], str.Access_denied. ; [0x80becfe:4]=0x65636341 LEA str.Access_denied. ; "Access denied." @ 0x80becfe
  38. |       |   0x08048f45      e886720000     call fcn.080501d0 ; presumably puts() — confirm
  39. |      ,==< 0x08048f4a      e9a1000000     jmp 0x8048ff0 ; rejected: return without opening anything
  40. |      ||   ; JMP XREF from 0x08048f3c (fcn.08048f09)
  41. |      |`-> 0x08048f4f      c74424040ded.  mov dword [esp + 4], 0x80bed0d ; [0x80bed0d:4]=0x6f430072 ; "rCould not open file.Content of file:\x0a1. List directory2. Print file3. Log out> %i\x0aLog out...\x0aError! Try again...Username: Password: admingod\x0aWelcome!\x0aRestricted area! Keep off!libc-start.cFATAL: kernel too old\x0a/dev/urandom__libc_start_main" ; the dword 0x6f430072 is 'r', NUL, 'C', 'o', so the argument is the one-character string "r"; the rest of the quoted run is the neighbouring .rodata strings, which include what looks like hard-coded login material (apparently displayed with the NULs dropped)
  42. |      |    0x08048f57      8d85f0feffff   lea eax, [ebp - local_110h]
  43. |      |    0x08048f5d      890424         mov dword [esp], eax
  44. |      |    0x08048f60      e87b6c0000     call fcn.0804fbe0 ; presumably fopen(name, "r") — confirm
  45. |      |    0x08048f65      8945f4         mov dword [ebp - local_ch], eax
  46. |      |    0x08048f68      837df400       cmp dword [ebp - local_ch], 0
  47. |      |,=< 0x08048f6c      750e           jne 0x8048f7c ; non-zero handle: go on to print the content
  48. |      ||   0x08048f6e      c704240fed0b.  mov dword [esp], str.Could_not_open_file. ; [0x80bed0f:4]=0x6c756f43 LEA str.Could_not_open_file. ; "Could not open file." @ 0x80bed0f
  49. |      ||   0x08048f75      e856720000     call fcn.080501d0 ; presumably puts() — confirm
  50. |     ,===< 0x08048f7a      eb74           jmp 0x8048ff0
  51. |     |||   ; JMP XREF from 0x08048f6c (fcn.08048f09)
  52. |     ||`-> 0x08048f7c      c7042424ed0b.  mov dword [esp], str.Content_of_file: ; [0x80bed24:4]=0x746e6f43 LEA str.Content_of_file: ; "Content of file:" @ 0x80bed24
  53. |     ||    0x08048f83      e848720000     call fcn.080501d0 ; presumably puts() — confirm
  54. |     ||    ; JMP XREF from 0x08048fe3 (fcn.08048f09)
  55. |     ||.-> 0x08048f88      8b45f4         mov eax, dword [ebp - local_ch] ; loop head: 4th argument = the handle
  56. |     |||   0x08048f8b      8944240c       mov dword [esp + 0xc], eax
  57. |     |||   0x08048f8f      c74424080001.  mov dword [esp + 8], 0x100  ; [0x100:4]=0x554e47 ; 0x100 is an immediate count here, not an address; the bracketed value is an r2 annotation artefact
  58. |     |||   0x08048f97      c74424040100.  mov dword [esp + 4], 1
  59. |     |||   0x08048f9f      8d85f0fdffff   lea eax, [ebp - local_210h]
  60. |     |||   0x08048fa5      890424         mov dword [esp], eax
  61. |     |||   0x08048fa8      e8636c0000     call fcn.0804fc10 ; presumably fread(local_210h, 1, 0x100, handle) — confirm
  62. |     |||   0x08048fad      8945f0         mov dword [ebp - local_10h], eax
  63. |     |||   0x08048fb0      a1c0b40e08     mov eax, dword [0x80eb4c0]  ; [0x80eb4c0:4]=0x80eb200 ; global loaded as the 4th argument of the next call — presumably stdout
  64. |     |||   0x08048fb5      8944240c       mov dword [esp + 0xc], eax
  65. |     |||   0x08048fb9      8b45f0         mov eax, dword [ebp - local_10h] ; 3rd argument = the count the previous call returned
  66. |     |||   0x08048fbc      89442408       mov dword [esp + 8], eax
  67. |     |||   0x08048fc0      c74424040100.  mov dword [esp + 4], 1
  68. |     |||   0x08048fc8      8d85f0fdffff   lea eax, [ebp - local_210h]
  69. |     |||   0x08048fce      890424         mov dword [esp], eax
  70. |     |||   0x08048fd1      e85a6d0000     call fcn.0804fd30 ; presumably fwrite(local_210h, 1, n, stdout) — confirm
  71. |     |||   0x08048fd6      8b45f4         mov eax, dword [ebp - local_ch]
  72. |     |||   0x08048fd9      890424         mov dword [esp], eax
  73. |     |||   0x08048fdc      e80f750000     call fcn.080504f0 ; presumably feof(handle) — confirm
  74. |     |||   0x08048fe1      85c0           test eax, eax
  75. |     ||`=< 0x08048fe3      74a3           je 0x8048f88 ; keep copying while the call returned 0
  76. |     ||    0x08048fe5      8b45f4         mov eax, dword [ebp - local_ch]
  77. |     ||    0x08048fe8      890424         mov dword [esp], eax
  78. |     ||    0x08048feb      e880660000     call fcn.0804f670 ; presumably fclose(handle) — confirm
  79. |     ||    ; JMP XREF from 0x08048f4a (fcn.08048f09)
  80. |     ||    ; JMP XREF from 0x08048f7a (fcn.08048f09)
  81. |     ``--> 0x08048ff0      c9             leave
  82. =<           0x08048ff1      c3             ret
  83. [0x08048d0a]> pdf @ fcn.08048ea2
  84. - (fcn) fcn.08048ea2 103
  85. |   fcn.08048ea2 (int arg_8h); file-name filter: returns 0 as soon as one of three checks on arg_8h returns non-zero ("flag.txt", "..", then the character '/'), otherwise returns 1
  86. |           ; arg int arg_8h @ ebp+0x8 ; pointer to the file-name buffer (the caller passes its ebp-0x110 buffer)
  87. |           ; CALL XREF from 0x08048f35 (fcn.08048f09) ; NOTE(review): this is a denylist on the spelling of the raw input string; nothing visible here resolves or canonicalizes the path, so it does not by itself establish which file is finally opened — an allowlist of permitted names, or resolving the path and checking it stays under the intended directory, is the sturdier control
  88. |           0x08048ea2      55             push ebp
  89. |           0x08048ea3      89e5           mov ebp, esp
  90. |           0x08048ea5      83ec18         sub esp, 0x18
  91. |           0x08048ea8      c7442404dfec.  mov dword [esp + 4], str.flag.txt ; [0x80becdf:4]=0x67616c66 LEA str.flag.txt ; "flag.txt" @ 0x80becdf
  92. |           0x08048eb0      8b4508         mov eax, dword [ebp + arg_8h] ; [0x8:4]=0
  93. |           0x08048eb3      890424         mov dword [esp], eax
  94. |           0x08048eb6      e8953b0100     call fcn.0805ca50 ; presumably strstr(name, "flag.txt") — confirm
  95. |           0x08048ebb      85c0           test eax, eax
  96. |       ,=< 0x08048ebd      7407           je 0x8048ec6 ; zero result: go on to the next check
  97. |       |   0x08048ebf      b800000000     mov eax, 0 ; reject
  98. |      ,==< 0x08048ec4      eb41           jmp 0x8048f07
  99. |      ||   ; JMP XREF from 0x08048ebd (fcn.08048ea2)
  100. |      |`-> 0x08048ec6      c7442404e8ec.  mov dword [esp + 4], 0x80bece8 ; [0x80bece8:4]=0xa002e2e ; ".."
  101. |      |    0x08048ece      8b4508         mov eax, dword [ebp + arg_8h] ; [0x8:4]=0
  102. |      |    0x08048ed1      890424         mov dword [esp], eax
  103. |      |    0x08048ed4      e8773b0100     call fcn.0805ca50 ; same helper as above, now with ".." — presumably strstr(name, "..")
  104. |      |    0x08048ed9      85c0           test eax, eax
  105. |      |,=< 0x08048edb      7407           je 0x8048ee4 ; zero result: go on to the next check
  106. |      ||   0x08048edd      b800000000     mov eax, 0 ; reject
  107. |     ,===< 0x08048ee2      eb23           jmp 0x8048f07
  108. |     |||   ; JMP XREF from 0x08048edb (fcn.08048ea2)
  109. |     ||`-> 0x08048ee4      c74424042f00.  mov dword [esp + 4], 0x2f   ; '/' ; [0x2f:4]=0x1c001d00 ; '/' ; 0x2f is passed as an immediate character value, not a pointer
  110. |     ||    0x08048eec      8b4508         mov eax, dword [ebp + arg_8h] ; [0x8:4]=0
  111. |     ||    0x08048eef      890424         mov dword [esp], eax
  112. |     ||    0x08048ef2      e8a9f3ffff     call fcn.080482a0 ; presumably strchr(name, '/') — confirm
  113. |     ||    0x08048ef7      85c0           test eax, eax
  114. |     ||,=< 0x08048ef9      7407           je 0x8048f02 ; zero result: all three checks passed
  115. |     |||   0x08048efb      b800000000     mov eax, 0 ; reject
  116. |    ,====< 0x08048f00      eb05           jmp 0x8048f07
  117. |    ||||   ; JMP XREF from 0x08048ef9 (fcn.08048ea2)
  118. |    |||`-> 0x08048f02      b801000000     mov eax, 1 ; accept
  119. |    |||    ; JMP XREF from 0x08048ec4 (fcn.08048ea2)
  120. |    |||    ; JMP XREF from 0x08048ee2 (fcn.08048ea2)
  121. |    |||    ; JMP XREF from 0x08048f00 (fcn.08048ea2)
  122. |    ```--> 0x08048f07      c9             leave
  123. =<           0x08048f08      c3             ret