What command line are you using to compile it?Originally Posted by UnnamedOne
Bytescan.c
Why when I compile and run this there doesn't pop out an address?
Code:#include <stdio.h> #include <stdlib.h> #include <unistd.h> int main(int argc, char *argv[]) { int i, jmps; char *ptr = (char *) 0xffffe000; jmps = 0; for (i = 0; i < 4095; i++) { if (ptr[i] == '\xff' && ptr[i+1] == '\xe4') { printf("* 0x%08x : jmp *%%esp\n", ptr+i); jmps++; } } if (!jmps) { printf("* No JMP %%ESP were found\n"); } return 1; }
What command line are you using to compile it?
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
gcc bytescan.c -o bytescan
after that I just do ./bytescan
Ok, part 2, let me guess, what output are you getting? This?
Code:*No JMP %ESP were found
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
Well, I'm gonna read the whole tutorial again. I'll reply to this thread again after I'm done
Btw, can you change the bt~# to root@bt# in the terminal?
Ok, it seems as if you're trying to find a vulnerability in linux-gate.so.1 DSO, probably as part of a buffer overflow tutorial?Well, I'm gonna read the whole tutorial again. I'll reply to this thread again after I'm done
Btw, can you change the bt~# to root@bt# in the terminal?
I would guess your kernel was compiled in such a manner that JMP *%ESP can't be found in your linux-gate.so.1 (and therefore no such vulnerability).
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
So I'm gonna have to look for another tutorial?
I don't think you need to look for another tutorial, the tutorial is fine. But, you might need to find a different kernel with a different version of linux-gate.so.1 to use bytescan on.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
What kernel will work do you think?
Well, that depends on the tutorial. If you're following this guide, then the same OS/kernel as the guide would be appropriate; OpenSuSE 10.2, kernel 2.6.18, gcc 4.1.2.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
Posting Permissions
