Message-ID: <3EFB6214.3030005@terra.com.br>
Date: Thu, 26 Jun 2003 19:13:56 -0200
From: Lucas <lgates@...ra.com.br>
To: bugtraq@...urityfocus.com
Subject: hello-exploit.c

Hello ppl!! This is my debut on bugtraq!!

A few days ago someone posted a vulnerability in securecode.c (from
Tidbit^H^H^HTripBit) ...

Anyway I decided to code the exploit for learning purposes... (this is
my first exploit!!) Have fun!!

(note: you can't take over the world with this exploit....)

(Another note: I couldn't overwrite eip with the first strcpy... but I
could overwrite eax.... :\
I would really enjoy it if someone explained that to me!)

    ./securecode -s `perl -e 'print "A"x"2000"'`

gives me the following registers:

    Program received signal SIGSEGV, Segmentation fault.
    0x080485e5 in main ()
    (gdb) info reg
    eax            0x41414141       1094795585
    ecx            0x40154360       1075135328
    edx            0x5050504        84215044
    ebx            0x40155f50       1075142480
    esp            0xbfffec50       0xbfffec50
    ebp            0xbffff068       0xbffff068
    esi            0x40012780       1073817472
    edi            0xbffff0b4       -1073745740
    eip            0x80485e5        0x80485e5
    eflags         0x210286         2163334
    cs             0x23             35
    ss             0x2b             43
    ds             0x2b             43
    es             0x2b             43
    fs             0x0              0
    gs             0x0              0
    fctrl          0x37f            895
    fstat          0x0              0
    ftag           0xffff           65535
    fiseg          0x0              0
    fioff          0x0              0
    foseg          0x0              0
    fooff          0x0              0
    fop            0x0              0
    mxcsr          0x1f80           8064
    orig_eax       0xffffffff       -1

Thank you for your help!!

In Memory of PoD (not the band or whatever)

PS: Sorry... I put TidBit instead of TripBit (man... I prolly offended
someone!!)

View attachment "hello-xp.c" of type "text/plain" (2732 bytes)
View attachment "securecode.c" of type "text/plain" (6999 bytes)