假设有一个有漏洞的服务器程序(vulnerable.c). 然后写一个exploit 来利用该漏洞,这样将能得到一个远程shell。
一、理解有漏洞程序:
#include
#include
#include
#define BUFFER_SIZE 1024
#define NAME_SIZE 2048
int handling(int c)
{
char buffer[BUFFER_SIZE], name[NAME_SIZE];
int bytes;
strcpy(buffer, "My name is: ");
bytes = send(c, buffer, strlen(buffer), 0);
if (bytes == -1)
return -1;
bytes = recv(c, name, sizeof(name), 0);
if (bytes == -1)
return -1;
name[bytes – 1] = ’