Stack-based buffer overflow exploitation techniques
From: Carlos Eduardo Santiviago (segfault brturbo.com)
Date: Mon Jan 12 2004 - 12:28:13 CST
Hello,
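Supposing this simple vuln code:

    #include <string.h>   /* strcpy */

    int main(int argc, char *argv[])
    {
        char buf[128];          /* fixed-size buffer on the stack */
        strcpy(buf, argv[1]);   /* unbounded copy: no check of argv[1] length against buf */
        return 0;
    }

I am doing research on stack-based exploitation techniques and I know 4 ways to do it (to help me overwrite saved eip/ebp):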
1. using nop sled (P49-14)
2. using environment variables (murat, netric.org)
3. using ptrace() (RaiSe's linuxconfig exploit)
4. returning-into-libc
The question is: is there any other way to exploit it?
thanks,
--
/sf
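
An added example, not part of the original post: the copy from the code above written with a length check, so an argument that does not fit in the 128-byte buffer is rejected instead of being written past it. The helper name copy_arg, its return codes and the BUF_SIZE macro are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 128  /* same size as buf in the posted code */

/* Hypothetical helper (not from the post): copy src into dst only if the
 * whole string, including its terminating NUL, fits in dstsz bytes.
 * Returns 0 on success, -1 on a missing argument or unusable destination,
 * -2 if src is too long. On failure dst holds an empty string. */
int copy_arg(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    size_t len;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)              /* argv[1] absent: the posted code would crash here */
        return -1;

    /* Search at most dstsz bytes for the NUL; not finding one means
     * the string cannot fit, however long it really is. */
    end = memchr(src, '\0', dstsz);
    if (end == NULL)
        return -2;                /* reject rather than silently truncate */

    len = (size_t)(end - src);
    memcpy(dst, src, len + 1);    /* len + 1 <= dstsz, NUL included */
    return 0;
}

int main(int argc, char *argv[])
{
    char buf[BUF_SIZE];
    int rc = copy_arg(buf, sizeof buf, argc > 1 ? argv[1] : NULL);

    if (rc != 0) {
        fprintf(stderr, "usage: %s <string of at most %d bytes>\n",
                argc > 0 ? argv[0] : "prog", BUF_SIZE - 1);
        return 1;
    }
    return 0;
}
```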