[Dailydave] relro, aslr & stuff
Joel Eriksson
je at bitnux.com
Wed Apr 18 03:41:07 EDT 2007
On Tue, Apr 17, 2007 at 03:02:32PM +0200, Sebastian Krahmer wrote:
>
> Yo,
>
> For those who are in Linux exploitation:
>
> http://c-skills.blogspot.com/2007/04/relro.html
On a related note:
---
/*
 * 0xbadc0ded.org Challenge #02 (2003-07-08)
 *
 * Joel Eriksson <je at 0xbadc0ded.org>
 */

#include <string.h>
#include <stdlib.h>
#include <stdio.h>

unsigned long val = 31337;
unsigned long *lp = &val;

int main(int argc, char **argv)
{
        unsigned long **lpp = &lp, *tmp;
        char buf[128];

        if (argc != 2)
                exit(1);

        strcpy(buf, argv[1]);

        if (((unsigned long) lpp & 0xffff0000) != 0x08040000)
                exit(2);

        tmp = *lpp;
        **lpp = (unsigned long) &buf;
        *lpp = tmp;

        exit(0);
}
---
I knew the technique would turn out to be useful someday. ;)
> l8er,
> Sebastian
--
Best Regards,
Joel Eriksson
CTO Bitsec AB