Dailydave mailing list archives

Re: relro, aslr & stuff


From: Joel Eriksson <je () bitnux com>
Date: Wed, 18 Apr 2007 09:41:07 +0200


On Tue, Apr 17, 2007 at 03:02:32PM +0200, Sebastian Krahmer wrote:

> Yo,
>
> For those who are in Linux exploitation:
>
> http://c-skills.blogspot.com/2007/04/relro.html

On a related note:

---
/*
 * 0xbadc0ded.org Challenge #02 (2003-07-08)
 *
 * Joel Eriksson <je () 0xbadc0ded org>
 */

#include <string.h>
#include <stdlib.h>
#include <stdio.h>

/* Global in the binary's .data, plus a global pointer to it (also in .data). */
unsigned long val = 31337;
unsigned long *lp = &val;

int main(int argc, char **argv)
{
        /* Local pointer-to-pointer, living on the stack alongside buf. */
        unsigned long **lpp = &lp, *tmp;
        char buf[128];

        if (argc != 2)
                exit(1);

        /* Deliberately unbounded copy: an argv[1] longer than 128 bytes
         * overflows buf. This is the challenge's bug, kept as posted. */
        strcpy(buf, argv[1]);

        /* lpp must still point into the 0x0804xxxx range, i.e. into the
         * non-PIE binary's own image rather than the stack or heap. */
        if (((unsigned long) lpp & 0xffff0000) != 0x08040000)
                exit(2);

        /* Double-indirect write: save *lpp, store the address of buf at
         * the location *lpp points to, then write the saved pointer back. */
        tmp = *lpp;
        **lpp = (unsigned long) &buf;
        *lpp = tmp;

        exit(0);
}
---

I knew the technique would turn out to be useful someday. ;)

> l8er,
> Sebastian

-- 
Best Regards,
Joel Eriksson
CTO Bitsec AB
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
