Binary file handouts/ho03.pdf has changed
--- a/handouts/ho03.tex Wed Oct 07 10:14:04 2015 +0100
+++ b/handouts/ho03.tex Wed Oct 07 18:03:32 2015 +0100
@@ -412,6 +412,14 @@
``higher-education'' in the architecture of the target system.
But it is actually relatively simple: First there are many
such strings ready-made---just a quick Google query away.
+A nice selection of ready-made shell-codes can be found
+for example at
+
+\begin{center}
+\url{http://shellblade.net/shellcode.html}
+\end{center}
+
+
Second, tools like the debugger can help us again. We can just
write the code we want in C, for example this would be the
program for starting a shell:
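Review bot: The added sentence writes "shell-codes", while the surrounding handout text uses the unhyphenated "shellcode"; please use one spelling throughout. The block also ends with two consecutive blank lines after \end{center}, where one is enough to separate it from "Second, tools like the debugger...". Since the link is a plain http URL to a third-party page that may move or change, consider adding an access date or a short description of what the page lists, so the handout still makes sense if the link goes stale.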
@@ -450,7 +458,8 @@
will be send to the target computer. This of course requires
that the buffer we are trying to attack can at least contain
the shellcode we want to run. But as you can see this is only
-47 bytes, which is a very low bar to jump over. More
+47 bytes, which is a very low bar to jump over. Actually there
+are optimised versions which only need 24 bytes. More
formidable is the choice of finding the right address to jump
to. The string is typically of the form
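Review bot: The new sentence "Actually there are optimised versions which only need 24 bytes" gives a figure with no source and does not say whether it is for the same architecture and the same functionality as the 47-byte example, so readers cannot verify or compare it. Suggest adding a reference and stating what the 24-byte version does, and dropping the filler "Actually". While this paragraph is being edited, the unchanged context line "will be send to the target computer" should read "will be sent".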