Sometimes reverse engineering is graceful and purposeful, where you thread the needle just right to figure out some obscure, undocumented function and how it can be used to the best of your ability. In this post, we'll look at a much blunter approach: finding hidden functionality by jumping to random functions in memory! This is normally a good way to crash the program, but who knows? You might find a gem!

This technique is useful for finding hidden functionality, but it's somewhat limited: it'll only work for applications that you're capable of debugging. With few exceptions (I've used a technique like this to break out of an improperly implemented sandbox before), this technique is primarily for analysis, not for exploitation or privilege escalation.

Let's start by writing a simple toy program. It contains a function, random_function(), that prints "Can you call random_function()?" but is never called from main(), so the only way to reach it is from outside the program:

```c
#include <stdio.h>

/* Never called by main(), so it only exists as dead code in the binary. */
void random_function(void)
{
    printf("Can you call random_function()?\n");
}

int main(void)
{
    printf("Hello from main()\n");
    return 0;
}
```

Put that in a file called jumpdemo.c and compile with the following command:

gcc -g -O0 -o jumpdemo jumpdemo.c

We add -O0 to the command line to prevent the compiler from performing optimizations such as deleting unused functions under the guise of "helping"; -g keeps the debugging symbols that let the debugger find the function by name. You can download this program as a 32- and 64-bit Linux binary, as well as the source code and Makefile, here. If you grabbed our source code, you can simply run make after extracting it.
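The following script is an added example, not code from the original post: it builds the toy program, lists the functions the binary exposes, and then uses gdb to call random_function() even though nothing in the program ever does. The jumpdemo.c it writes is constructed here to match the description above, and the script assumes gcc, nm and gdb are on PATH.

```shell
#!/bin/sh
# Added example: reach a function the program never calls by driving it
# from a debugger. Assumes gcc, nm and gdb are installed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed jumpdemo.c: random_function() is never called by main().
cat > "$WORK/jumpdemo.c" <<'EOF'
#include <stdio.h>

void random_function(void)
{
    printf("Can you call random_function()?\n");
}

int main(void)
{
    printf("Hello from main()\n");
    return 0;
}
EOF

# -g keeps symbols for gdb; -O0 stops the compiler optimising code away.
build_demo() {
    gcc -g -O0 -o "$WORK/jumpdemo" "$WORK/jumpdemo.c"
}

# Candidate targets: global functions in the text section ("T" in nm output).
list_functions() {
    nm "$WORK/jumpdemo" | awk '$2 == "T" { print $3 }'
}

# Stop at main() so the process exists, then call an arbitrary function by
# name. The fflush is needed because the inferior's stdout is a pipe here,
# so it is fully buffered and gdb would kill the process before the text
# was ever written out.
call_hidden() {
    gdb -q -batch \
        -ex 'set confirm off' \
        -ex 'set pagination off' \
        -ex 'break main' \
        -ex 'run' \
        -ex "call $1()" \
        -ex 'call (int)fflush(0)' \
        "$WORK/jumpdemo" 2>/dev/null
}

if command -v gcc >/dev/null 2>&1 && command -v gdb >/dev/null 2>&1; then
    build_demo
    list_functions
    call_hidden random_function
fi
```

gdb's `call` sets up a proper stack frame, so the function returns cleanly to the breakpoint. `jump *ADDR` (or `jump random_function`) just moves the program counter without pushing a return address, so the function's `ret` pops whatever happens to be on the stack; that is where most of the crashes mentioned above come from. On a stripped binary `nm` shows nothing useful, and you would instead pick addresses out of the disassembly and call them as `call ((void (*)(void))0xADDR)()`.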