Comment by austinz

12 years ago

If you want to read more about shellcode/C vulnerabilities you can check out the Phrack and other links at Stanford's CS155 web site: https://courseware.stanford.edu/pg/assignments/view/280907/b...

The Buffer Overflow #1 and #2 projects might also be worth checking out. You can download the project description, starter code, and VM image, and see if you can write code to get the root shell.

5 comments

austinz

voltagex_ 12 years ago

  The requested URL /cs155/hw_and_proj/pp1/boxes-2.3.tar.bz2 was not found on this server.

From https://crypto.stanford.edu/cs155/hw_and_proj/pp1/boxes-2.3.... which is the VM image link.

Anyone got any contacts at Stanford?

austinz 12 years ago

If you change https to http, it works for me (and I'm not logged in or privileged in any way).

j_m_b 12 years ago

Oldie but relevant: http://www.phrack.org/issues.html?issue=49&id=14#article

DanielRibeiro 12 years ago

Thanks for the course info!

Quick link for those that missed how to use printf to call arbitrary functions: http://stackoverflow.com/a/7459758/113507

coldpie 12 years ago

Along the same lines, I would also recommend "Hacking" by Jon Erickson.