# HG changeset patch # User Christian Urban # Date 1412952563 -3600 # Node ID 6ba55ba5b588fb9c33963210b249aa424c370919 # Parent b784175a69dcaaa2f8c40761093dbda9ad9729b7 updated diff -r b784175a69dc -r 6ba55ba5b588 handouts/ho03.pdf Binary file handouts/ho03.pdf has changed diff -r b784175a69dc -r 6ba55ba5b588 handouts/ho03.tex --- a/handouts/ho03.tex Fri Oct 10 14:22:41 2014 +0100 +++ b/handouts/ho03.tex Fri Oct 10 15:49:23 2014 +0100 @@ -330,7 +330,7 @@ the part of the program that was intended to be only available after the correct key was typed in. -\subsection*{Paylods} +\subsection*{Payloads} Unfortunately, much more harm can be caused by buffer overflow attacks. This is achieved by injecting code that will be run @@ -440,12 +440,12 @@ \end{tikzpicture} \end{center} -\noindent Then we can fill up the gray part of the string with +\noindent Then we can fill up the grey part of the string with \pcode{NOP} operations. The code for this operation is \code{\\0x90}. It is available on every architecture and its purpose in a CPU is to do nothing apart from waiting a small amount of time. If we now use an address that lets us jump to -any address in the gray area we are done. The target machine +any address in the grey area we are done. The target machine will execute these \pcode{NOP} operations until it reaches the shellcode. A moment of thought can convince you that this trick can hugely improve our odds of finding the right
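Review bot: in the second hunk (the \pcode{NOP} paragraph after \end{tikzpicture}), the spelling change is fine, but the unchanged sentence "The code for this operation is \code{\\0x90}. It is available on every architecture" conflates the NOP instruction with its x86 encoding: 0x90 is the one-byte x86 NOP opcode, while other architectures encode their no-op differently. Since this paragraph is being edited anyway, suggest rewording to something like "On x86 the opcode for this operation is 0x90; every architecture provides some form of NOP", so the handout does not teach readers that the byte value is universal.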