Dailydave mailing list archives
Re: relro, aslr & stuff
From: Joel Eriksson <je () bitnux com>
Date: Wed, 18 Apr 2007 09:41:07 +0200
On Tue, Apr 17, 2007 at 03:02:32PM +0200, Sebastian Krahmer wrote:
> Yo,
>
> For those who are in Linux exploitation:
> http://c-skills.blogspot.com/2007/04/relro.html

On a related note:

---
/*
 * 0xbadc0ded.org Challenge #02 (2003-07-08)
 *
 * Joel Eriksson <je () 0xbadc0ded org>
 */

#include <string.h>
#include <stdlib.h>
#include <stdio.h>

unsigned long val = 31337;
unsigned long *lp = &val;

int main(int argc, char **argv)
{
        unsigned long **lpp = &lp, *tmp;
        char buf[128];

        if (argc != 2)
                exit(1);

        strcpy(buf, argv[1]);

        if (((unsigned long) lpp & 0xffff0000) != 0x08040000)
                exit(2);

        tmp = *lpp;
        **lpp = (unsigned long) &buf;
        *lpp = tmp;

        exit(0);
}
---

I knew the technique would turn out to be useful someday. ;)

> l8er,
> Sebastian

--
Best Regards,
Joel Eriksson
CTO Bitsec AB