Re: [Vuln-dev Challenge] Challenge #2

On Monday 26 May 2003 16:59, Janus N. wrote:

> >
> > ## ...MEDIC! what is this? What are you doin?

One (hopefully final) request for clarification:

when fgets finds bfp (with the address of printf there) it jumps to printf and executes the value in bfp (which is now shellcode)???

Is this correct?

I still don't really get the printf_got -2 thing. I would have thought that if printf is at a given address, changing that address would point to something else that is not the printf command! Obviously not, but I don't understand how.

>
> > > /* calculate address of shellcode. Assumes fixed
Received on Fri May 30 17:03:15 2003

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek