[16] assassin -> zombie_assassin ( Fake EBP & leaveret )
assassin / pushing me away[assassin@localhost assassin]$ /bin/bash2[assassin@localhost assassin]$ export SHELL=/bin/bash2 [ zombieassassin.c ] 123456789101112131415161718192021222324252627282930 #include #include main(int argc, char *argv[]){ char buffer[40]; if(argc EBP: Fake EBP 2> main retpop eip=> EIP: &leaveret 3> leavemov esp,ebp=> ESP: Fake EBP(&buffer+4)pop ebp=> EBP: &buffer+4에 있는 값 4> ..
2017.11.20