Dailydave mailing list archives
Re: relro, aslr & stuff
From: Joel Eriksson <je () bitnux com>
Date: Wed, 18 Apr 2007 09:41:07 +0200
On Tue, Apr 17, 2007 at 03:02:32PM +0200, Sebastian Krahmer wrote:
> Yo,
> For those who are in Linux exploitation:
> http://c-skills.blogspot.com/2007/04/relro.html
On a related note:
---
/*
 * 0xbadc0ded.org Challenge #02 (2003-07-08)
 *
 * Joel Eriksson <je () 0xbadc0ded org>
 */

#include <string.h>
#include <stdlib.h>
#include <stdio.h>

unsigned long val = 31337;
unsigned long *lp = &val;

int main(int argc, char **argv)
{
    unsigned long **lpp = &lp, *tmp;
    char buf[128];

    if (argc != 2)
        exit(1);

    /* Unbounded copy: an argument of 128 bytes or more overruns buf. */
    strcpy(buf, argv[1]);

    /* Continue only if lpp still points into the 0x0804xxxx range. */
    if (((unsigned long) lpp & 0xffff0000) != 0x08040000)
        exit(2);

    /* Store buf's address through the double pointer, then restore *lpp. */
    tmp = *lpp;
    **lpp = (unsigned long) &buf;
    *lpp = tmp;

    exit(0);
}
---
I knew the technique would turn out to be useful someday. ;)
> l8er,
> Sebastian

--
Best Regards,
Joel Eriksson
CTO Bitsec AB
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
