
Anuwat Khongchuai un4ckn0wl3z

//vuln.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
/*
 * store_passwd_indb - takes one pointer argument and returns nothing.
 * The body is empty in this listing, so nothing is stored here.
 * NOTE(review): presumably a stub for persisting the password. The
 * signature carries no length, so a real implementation would have to
 * bound its own reads and copies - confirm against the full file.
 */
void store_passwd_indb(char* passwd) {
}
/*
 * validate_uname - takes one pointer argument and returns nothing.
 * The body is empty in this listing, so no validation is performed and
 * the caller gets no accept/reject signal (the return type is void).
 * NOTE(review): presumably a stub for user-name checks - confirm against
 * the full file.
 */
void validate_uname(char* uname) {
}
(gdb) set disassembly-flavor intel
(gdb) disass validate_passwd
Dump of assembler code for function validate_passwd:
0x0804849e <+0>: push ebp
0x0804849f <+1>: mov ebp,esp
0x080484a1 <+3>: push edi
0x080484a2 <+4>: sub esp,0x34
0x080484a5 <+7>: mov eax,DWORD PTR [ebp+0x8]
0x080484a8 <+10>: mov DWORD PTR [ebp-0x1c],0xffffffff
0x080484af <+17>: mov edx,eax
#exp.py
#!/usr/bin/env python
import struct
from subprocess import call
# NOTE(review): presumably the first argument passed to the target program;
# the call that uses it is not part of this excerpt.
arg1 = "sploitfun"
#Stack address where shellcode is copied.
# NOTE(review): this is a fixed, hard-coded stack address, so the script only
# behaves as intended when the stack is laid out identically on every run.
# Stack address randomisation (ASLR) breaks that assumption.
ret_addr = 0xbffff274
un4ckn0wl3z / shellcoderunner.py
Created October 11, 2016 04:03 — forked from kanzure/shellcoderunner.py
pyinstaller win32 shellcode runner
#!/usr/bin/python
##############################################################
# PyInstaller Win32 shellcode runner - by @mihi42
#
# Needed software:
# * Python 2.7.2 from
# <http://www.python.org/download/releases/>
# * PyWin32 build 217 for Python 2.7 from
# <http://sourceforge.net/projects/pywin32/files/pywin32/>
/*
 * Minimal program: writes "hello, world" to standard output.
 * Written in pre-ANSI style: main has no declared return type (implicit
 * int, which C99 removed) and no return statement. The format string has
 * no trailing newline.
 */
main( ) {
printf("hello, world");
}
main( ) {
	/* The three addends are initialised where they are declared. */
	int a = 1, b = 2, c = 3;
	/* Sum of the three locals; small constants, so no overflow concern. */
	int sum = a + b + c;

	/* The format string has no trailing newline, so none is printed. */
	printf("sum is %d", sum);
}
/* Three char variables declared in one statement, then assigned below. */
char quest, newline, flags;
quest = '?';	/* character constant */
newline = '\n';	/* escape sequence for the newline character */
flags = 077;	/* the leading 0 makes this octal: 077 is 63 decimal (0x3f) */
main( ) {
	/*
	 * Reads one character from standard input and echoes it, then prints
	 * two fixed lines.
	 * NOTE(review): getchar() returns int so that EOF can be told apart
	 * from every valid byte. Storing the result in a char loses that
	 * distinction. This block never tests for end of input, so the
	 * narrowing is kept as written.
	 */
	char c = getchar( );
	int sum = 6;

	putchar(c);
	printf ("hello, world\n");
	printf ("sum is %d\n", sum);
}
/*
 * Read one character from standard input and react only to a literal '?'.
 * NOTE(review): the declaration of c is outside this fragment. If c is a
 * char, the int returned by getchar() is narrowed and end of input can no
 * longer be told apart from a data byte - confirm the type.
 */
c = getchar( );
if( c == '?' )
printf("why did you type a question mark?\n");
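# Append a nat-table PREROUTING rule: TCP packets arriving on eth0 for
# $srcPortNumber are redirected to $dstPortNumber on this host.
# Both expansions are quoted so that an empty value, or one containing
# whitespace or glob characters, cannot split into extra iptables arguments.
# The caller must still set each variable to a single valid port number.
# -A appends a new rule on every run, so repeated runs add duplicate rules.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport "$srcPortNumber" -j REDIRECT --to-port "$dstPortNumber"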