This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
int main(int argc, char *argv[]){ | |
char buffer[50]; | |
printf("バッファは%pにあります。\n", &buffer); | |
if(argc > 1) | |
strcpy(buffer, argv[1]); | |
return 1; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
int main(int argc, char *argv[]) | |
{ | |
char buffer[5]; | |
strcpy(buffer, argv[1]); | |
return 0; | |
} | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#define MAX_ID_LEN 40 | |
#define MAX_DESC_LEN 500 | |
/* メッセージを表示して終了する */ | |
void barf(char *message, void *extra){ | |
printf(message, extra); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <fcntl.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#include <sys/stat.h> | |
#include <sys/socket.h> | |
#include <netinet/in.h> | |
#include <arpa/inet.h> | |
#include <time.h> | |
#include <signal.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <stdlib.h> | |
#include <signal.h> | |
/* signal.hで定義されているラベル付きシグナル | |
* #define SIGHUP 1 ハングアップ | |
* #define SIGINT 2 割り込み(Ctrl-C) | |
* #define SIGQUIT 3 終了(ctrl-\) | |
* #define SIGILL 4 不正命令 | |
* #define SIGTRAP 5 トレース/ブレークポイントによるトラップ | |
* #define SIGABRT 6 プロセスの中断 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BITS 32 | |
; s = socket(2, 1, 0) | |
push BYTE 0x66 ; socketcallはシステムコール102番(0x66) | |
pop eax | |
cdq ; DWORDのnullとして使用するためにedxをゼロクリアする | |
xor ebx, ebx ; ebxはsocketcallのタイプ | |
inc ebx ; 1 = SYS_SOCKET = socket() | |
push edx ; 引数の配列を生成する: { protocol = 0, | |
push BYTE 0x1 ; (逆順) SOCK_STREAM = 1, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BITS 32 | |
; s = socket(2, 1, 0) | |
push BYTE 0x66 ; socketcallはシステムコール102番(0x66) | |
pop eax | |
cdq ; DWORDのnullとして使用するためにedxをゼロクリアする | |
xor ebx, ebx ; ebxはsocketcallのタイプ | |
inc ebx ; 1 = SYS_SOCKET = socket() | |
push edx ; 引数の配列を生成する: { protocol = 0, | |
push BYTE 0x1 ; (逆順) SOCK_STREAM = 1, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <unistd.h> | |
#include <string.h> | |
#include <sys/socket.h> | |
#include <netinet/in.h> | |
#include <arpa/inet.h> | |
int main(void){ | |
int sockfd, new_sockfd; // sock_fdは待ち受けるソケット。new_fdはコネクション記述子 | |
struct sockaddr_in host_addr, client_addr; // 自らのアドレス情報 | |
socklen_t sin_size; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BITS 32 | |
; setresuid(uid_t ruid, uid_t euid, uid_t suid); | |
xor eax, eax ; eaxをゼロクリアする | |
xor ebx, ebx ; ebxをゼロクリアする | |
xor ecx, ecx ; ecxをゼロクリアする | |
xor edx, edx ; edxをゼロクリアする | |
mov al, 0xa4 ; システムコール番号は164(0xa4) | |
int 0x80 ; setresuid(0, 0, 0) 全てのroot権限を復活させる |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <unistd.h> | |
#include <string.h> | |
void lowered_privilege_function(unsigned char *ptr) { | |
char buffer[50]; | |
seteuid(5); | |
strcpy(buffer, ptr); | |
} | |
int main(int argc, char *argv[]){ | |
if (argc > 0) | |
lowered_privilege_function(argv[1]); |