progs/README
author Christian Urban <urbanc@in.tum.de>
Mon, 06 Nov 2017 14:22:04 +0000
changeset 562 69580b23c480
parent 546 3d1f65e43065
permissions -rw-r--r--
updated

Virtual-Box

Start "Linux Hacking"   
  login is cu
  password is "test"

The programs are under 

  cu$> app-material/progs


Programs can be updated using

  hg pull
  hg update
  hg revert --all

Emacs can be used to edit files

  emacs -nw ...file....     (is also an alias)

Compiler

  gcc -O0 -o file file.c

The backtick is on the §/± key.

example.c
=========
file to explain assembly code


C0.c
====

Add the longer string below and the long value is printed out differently.

foo("my string is too long !!!!! \x15\xcd\x5b\x07");

C1.c
====

needs to be called using

  ./C1 `./args1-good`
  ./C1 `./args1-bad`

or in gdb using

  gdb --args ./C1 `./args1-bad`


C2.c
====

called with
  
  ./args2-good | ./C2
  ./args2-bad  | ./C2

C3.c
====
(shell injection)

called with 

  ./C3

opens a new shell


C4.c
====
Format string attack

  ./C4 "%s"
  ./C4 `./args4`

This vulnerability does not need the defences to be switched off, but
the string is only printed out correctly with `./args4`. The "%s" call
needs the program to be compiled with the gcc option

  -mpreferred-stack-boundary=2


C6.c
====
Enter the password :
hhhhhhhhhhhhhhhhhhhh

Wrong Password 
Root privileges given to the user

------------------------------------

to switch off address randomization

echo 0 | sudo tee /proc/sys/kernel/randomize_va_space



C0.c
====

add to string 
 
  " \x15\xcd\x5b\x07"

to get

  foo("my string is too long !!!!! \x15\xcd\x5b\x07");
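
Why the four extra bytes change the printed number in the C0.c notes above: an added example, not part of this README or of C0.c, that models an unchecked copy next to a bounded one. The frame layout (a 28-byte buffer directly followed by a 32-bit little-endian value set to 1) and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed model, not C0.c's real frame: a 28-byte buffer directly
   followed by a 32-bit little-endian value initialised to 1. */
#define BUF_LEN   28
#define FRAME_LEN (BUF_LEN + 4)

static uint32_t load_le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void init_frame(unsigned char *frame) {
    memset(frame, 0, FRAME_LEN);
    frame[BUF_LEN] = 1;                 /* value = 1, little-endian */
}

/* Models strcpy(buffer, src): the length comes from src alone. The
   copy is capped at FRAME_LEN only to keep this model in bounds. */
static uint32_t value_after_unchecked(const char *src) {
    unsigned char frame[FRAME_LEN];
    size_t n = strlen(src) + 1;         /* strcpy copies the NUL too */
    init_frame(frame);
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(frame, src, n);
    return load_le32(frame + BUF_LEN);
}

/* Hardened form: the copy is bounded by the buffer size and truncates. */
static uint32_t value_after_checked(const char *src) {
    unsigned char frame[FRAME_LEN];
    size_t n = strlen(src);
    init_frame(frame);
    if (n > BUF_LEN - 1) n = BUF_LEN - 1;
    memcpy(frame, src, n);
    frame[n] = '\0';
    return load_le32(frame + BUF_LEN);
}

int main(void) {
    const char *fits = "my string is too long !!!!!";
    const char *over = "my string is too long !!!!! \x15\xcd\x5b\x07";
    printf("unchecked, short: %u\n", (unsigned)value_after_unchecked(fits));
    printf("unchecked, long:  %u\n", (unsigned)value_after_unchecked(over));
    printf("checked,   long:  %u\n", (unsigned)value_after_checked(over));
    return 0;
}
```

Read in little-endian order, the bytes 15 cd 5b 07 form 0x075bcd15, which is the decimal number the unchecked copy returns for the long string.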