Mercurial Mercurial > hg > sen-material / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
progs/README
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Thu, 08 Oct 2015 17:06:48 +0100
changeset 402 fb0c844a26cf
parent 400 f05368d007dd
child 403 92c49c160b24
permissions -rw-r--r--
updated

Virtual-Box

Start "Linux Hacking"   password is "test"

The programs are under 

  cu$> app-material/progs


Programs can be updated using

  hg pull
  hg update
  hg revert --all

Emacs can be used to edit files

  emacs -nw ...file....     (is also an alias)


C0.c
====

Add the bigger string and the long is printed out differently.

foo("my string is too long !!!!! \x15\xcd\x5b\x07");

C1.c
====

needs to be called using

  ./C1 `args1-good`
  ./C1 `args1-bad`

or in gdb using

  gdb --args ./C1 `args1-bad`


C2.c
====

called with
  
  ./args2-good | ./C2
  ./args2-bad  | ./C2

C3.c
====
(shell injection)

called with 

  ./C3

opens a new shell


C4.c
====
Format string attack

  ./C4 "%s"
  ./C4 `./args4`



------------------------------------

to switch off address randomization

echo 0 | sudo tee /proc/sys/kernel/randomize_va_space



C0.c

add to string 
 
  " \x15\xcd\x5b\x07"

to get

  foo("my string is too long !!!!! \x15\xcd\x5b\x07");
sen-material