19 1

r—    ^:-^

^ «« ^ 1^__hakingg live:/ramdisk/home/haking_ J ⁿ □ X

[hakingQlive haking]$ ./vuln 272 &buf=0xbffff9b0

[hakingQlive haking]$ nc -1 -p 9999 I gdb -x gdb_commands.txt vuln GNU gdb Red Hat Linux (5.3.90-0.20030710.41rh)

Copgright 2003 Free Software Foundation, Inc.

GDB is free software, covered bg the GNU General Public License, and gou are welcome to change it and/or distribute copies of it under certain conditions. Tgpe "show copging" to see the conditions.

There is absolutelg no warrantg for GDB. Tgpe "show warrantg" for details.

This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db lib rarg "/1ib/tls/1ibthread_db.so.1".

Breakpoint 1 at 0x80483d6: file vuln.c, linę 6.

&buf=0xbffff9a0

Breakpoint 1, main (argc=2, argv=0xbffffb34) at vuln.c:6

6    nun = read(0,buf,atoi(argv[ll));

0xbffffaac:    0x40035770

7    printf("num=7,d\n", num);

0xbffffaac:    0xbffffale

00:00:00 luit 00:00:00 bash 00:00:00 xterm 00:00:00 luit 00:00:00 bash 00:00:00 nc 00:00:00 vuln

[hakingQlive haking]$ nc -1 -p 9999 I .1    2265 pts/2

&buf=0xbffff9b0    I    2266 pts/3

□    |    2311 ?

2312    pts/4

2313    pts/5

2364    pts/1

2365    pts/1

00:00:00 ps [hakingQlive hakingl$ ald flssenblg Language Debugger 0.1.5a Copgright (C) 2000-2003 Patrick Hlken

2366    pts/5

ald> attach 2365

0xBFFFF9B0 edx = 0x00000118 0xBFFFFB44 edi = 0xBFFFFB50 0x00000000 gs = 0x00000033 0x40000C32 eflags = 0x00000246

flttached to process id 2365

eax = 0xFFFFFE00 ebx = 0x00000000 ecx

esp = 0xBFFFF984 ebp = 0xBFFFFHB8 esi

ds = 0x0000002B es = 0x0000002B fs

ss = 0x0000002B cs = 0x00000023 eip

Flags: PF ZF IF

40000C32 ald> |

C3

retn