l0t3k.net/biblio/shellcode/en/shellcode-pr10n.txt
Exploit Development Process
Now that we have covered the basics, you are ready to look at a real-world example. In
the real world, vulnerabilities are not always as straightforward as the meet.c example
and require a repeatable process to successfully exploit. The exploit development process
generally follows these steps:
- Control eip
- Determine the offset(s)
- Determine the attack vector
- Build the exploit sandwich
- Test the exploit
Chapter 7: Basic Linux Exploits
163
PART III
At first, you should follow these steps exactly; later you may combine a couple of these
steps as required.
Real-World Example
In this chapter, we are going to look at the PeerCast v0.1214 server from peercast.org.
This server is widely used to serve up radio stations on the Internet. There are several
vulnerabilities in this application. We will focus on the 2006 advisory
www.infigo.hr/in_focus/INFIGO-2006-03-01, which describes a buffer overflow in the
v0.1214 URL string.
It turns out that if you attach a debugger to the server and send the server a URL that
looks like this:
http://localhost:7144/stream/?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA....(800)
your debugger should break as follows:
gdb output.
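From the defender's side, the request above has two obvious tells: a URL far longer than anything the server legitimately handles, and a long run of a single repeated byte. The following Python is an added example, not code from the chapter or from the PeerCast project; it runs a simple check over a few constructed log lines in an assumed "source method url status" format (PeerCast's real log format is not shown on the page) and flags requests that match either tell. The thresholds are assumptions chosen for the 800-byte case in the text and would be tuned to the server's normal traffic.

```python
import re

# Thresholds are assumptions for this example; tune them to legitimate traffic.
MAX_URL_LEN = 512      # the advisory's crash request carries ~800 bytes of padding
MAX_REPEAT_RUN = 64    # one byte repeated this often is typical of overflow padding

# Assumed log format: "<src> <METHOD> <url> <status>" (constructed, not PeerCast's own).
LOG_RE = re.compile(r'^(?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$')


def longest_run(s):
    """Length of the longest run of one repeated character in s."""
    best = cur = 0
    prev = None
    for ch in s:
        cur = cur + 1 if ch == prev else 1
        prev = ch
        best = max(best, cur)
    return best


def inspect_request(line):
    """Return a finding dict for a suspicious request line, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None                       # unparseable line: ignore here
    url = m.group('url')
    reasons = []
    if len(url) > MAX_URL_LEN:
        reasons.append('url_len=%d>%d' % (len(url), MAX_URL_LEN))
    run = longest_run(url)
    if run >= MAX_REPEAT_RUN:
        reasons.append('repeat_run=%d>=%d' % (run, MAX_REPEAT_RUN))
    if not reasons:
        return None
    return {'src': m.group('src'), 'url_prefix': url[:32], 'reasons': reasons}


def scan_log(text):
    """Run inspect_request over every line and keep the findings."""
    return [f for f in (inspect_request(l) for l in text.splitlines()) if f]


# Constructed sample lines: two normal requests and one shaped like the
# advisory's crash request (/stream/? followed by 800 'A' bytes).
SAMPLE_LOG = "\n".join([
    "10.0.0.5 GET /stream/?channel=jazz 200",
    "10.0.0.5 GET /html/en/index.html 200",
    "10.0.0.9 GET /stream/?" + "A" * 800 + " 400",
])

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Only the third line is reported, with both reasons attached; a request that is merely long but varied (a legitimate long query string) trips only the length rule, so the two thresholds can be weighted separately when the check is fed into an alerting pipeline.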