BOF ???? ????~! Feat. LoB

About This Presentation

Title:

BOF ???? ????~! Feat. LoB

Description:

INDEX. LOB? 1. BOF! (feat. gdb) 2. BOF! (feat. Level) 3. Darkknight : new attacker. Xavius : throw me away – PowerPoint PPT presentation

Number of Views:66

Avg rating:3.0/5.0

Slides: 26

Provided by: tist257

Category:

more less

Transcript and Presenter's Notes

Title: BOF ???? ????~! Feat. LoB

1
BOF ???? ????!Feat. LoB
http//symnoisy.tistory.com/
2
INDEX.
3
INDEX.
4
1
LOB?
.

LORD OF BOF ???
????

5

2
BOF! ?? ???
Feat.gdb

?? ???
SFP
RET
????
ESP
EBP
EIP
????
NOP
???

????
.STACK
.HEAP
.DATA
.CODE
6

2
BOF! ?? ???
Feat.gdb

CALLING CONVENTION
CDECL printf()
STD CALL SUB
FAST CALL(??)

7

2
BOF! ?? ???
Feat.gdb

gate_at_localhost kucis cat basic.c
includeltstdio.hgt
int main(int argc, char argv)
char buffer1024
strcpy(buffer,argv1)
puts(buffer)

8

2
BOF! ?? ???
Feat.gdb

????? GO!

9
3
BOF! ? ?? ??? ?? ???
Feat. Level 1

gate_at_localhost gate cat gremlin.c
/
The Lord of the BOF The Fellowship of the BOF
- simple BOF
/
int main(int argc, char argv)
char buffer256
if(argc lt 2)
printf("argv error\n")
exit(0)
strcpy(buffer, argv1)
printf("s\n", buffer)

10
3
BOF! ? ?? ??? ?? ???
Feat. Level 1

int main(int argc, char argv)
EX)
./test perl e print ABCD perl e
print EFGH
Argc 3
Argv 0,1,2

11
3
BOF! ? ?? ??? ?? ???
Feat. Level 1
BUF 256
SFP
RET
12
3
BOF! ? ?? ??? ?? ???
Feat. Level 1

??
RET ? ?? ??? ?? ??? ??
??? ???? ???? ?? ??
(?,??? ?? ? ???)

13
3
BOF! ? ?? ??? ?? ???
Feat. Level 1
????? GO!
14
(No Transcript)
15
4
RTL? WHAT THE.......
Feat. Level 13

Canary
DEP/NX
ASCII Armor
ASLR

16
4
RTL? WHAT THE.......
Feat. Level 13

if(argv147 '\xbf')
printf("stack betrayed you!!\n")
exit(0)
strcpy(buffer, argv1)
printf("s\n", buffer)
if(argc lt 2)
printf("argv error\n")
exit(0)

include ltstdio.hgt
include ltstdlib.hgt
main(int argc, char argv)
char buffer40
int i
if(argc lt 2)
printf("argv error\n")
exit(0)

17
4
RTL? WHAT THE.......
Feat. Level 13

if(argv147 '\xbf')
printf("stack betrayed you!!\n")
exit(0)
strcpy(buffer, argv1)
printf("s\n", buffer)

18
4
RTL? WHAT THE.......
Feat. Level 13

?? GO!

19
4
RTL? WHAT THE.......
Feat. Level 13

buf SFP system exit sh

20
(No Transcript)
21

int server_fd, client_fd
struct sockaddr_in server_addr
struct sockaddr_in client_addr
int sin_size
if((server_fd socket(AF_INET, SOCK_STREAM, 0))
-1)
perror("socket")
exit(1)
server_addr.sin_family AF_INET
server_addr.sin_port htons(6666)

include ltstdio.hgt
include ltstdlib.hgt
include lterrno.hgt
include ltstring.hgt
include ltsys/types.hgt
include ltnetinet/in.hgt
include ltsys/socket.hgt
include ltsys/wait.hgt
include ltdumpcode.hgt
main()
char buffer40

22
if(listen(server_fd, 10) -1) perror("listen
") exit(1) while(1)
sin_size sizeof(struct sockaddr_in) if((cl
ient_fd accept(server_fd, (struct sockaddr
)client_addr, sin_size)) -1) perror("acc
ept") continue

server_addr.sin_addr.s_addr INADDR_ANY
bzero((server_addr.sin_zero), 8)
if(bind(server_fd, (struct sockaddr
)server_addr, sizeof(struct sockaddr)) -1)
perror("bind")
exit(1)

close(client_fd)
while(waitpid(-1,NULL,WNOHANG) gt 0)
close(server_fd)

if (!fork())
send(client_fd, "Death Knight Not even death
can save you from me!\n", 52, 0)
send(client_fd, "You ", 6, 0)
recv(client_fd, buffer, 256, 0)
close(client_fd)
break

BOF ???? ????~! Feat. LoB - PowerPoint PPT Presentation

BOF ???? ????~! Feat. LoB

INDEX. LOB? 1. BOF! (feat. gdb) 2. BOF! (feat. Level) 3. Darkknight : new attacker. Xavius : throw me away – PowerPoint PPT presentation