Index

S

saved frame pointer (SFP), 19-20, 22

S-box array, 213, 213-14

scanning, port. See port scanning

scripting tool, 158

SDMI (Secure Digital Music Initiative), 3

secret key, 186

Secure Digital Music Initiative (SDMI) 3

Secure Sockets Layer (SSL) encryption, 174

segmentation, program memory, 18-21

segments, avoiding using other, 92-94

sequence numbers, 144

session layer, 140

setreuid( ) function, 90, 99

setuid( ) function, 132, 132-33, 137

SFP (saved frame pointer ), 19-20, 22

sgid (set group ID), 15

Shannon, Claude, 174

shell.asm, 90-92

shellcode

defined, 24

writing, 84-129

See also ASCII printable polymorphic shellcode; dissembler

avoiding using other segments, 92-94

common assembly instructions, 84-85

Hello, World program, 87-89

Linux system calls, 85-87

polymorphic shellcode, 102-3 printable ASCII instructions, 101-2

removing null bytes, 94-98

shell-spawning code, 90-92

using stack, 98-101

shellcode.asm, 93-98

SHELLCODE environment variable, 38

shell-spawning code, 90-92

Shor, Peter, 184-85

shroud, 165-72

single-byte instructions, 101, 102

Sklyarov, Dmitry, 3

smurf attack, 162

sniffing, network, 146-56

Solar Designer, 132, 199, 231, 232

Sparc assembly language, 9

special interrupt (int 0x80), 88

spoofing, 149, 163

sprintf( ) function, 136-37

SSH daemon, 190

SSH host fingerprints, 189

SSH MiM attack, 195

Ssharpd daemon, 187

ssharp MiM tool, 190, 232

SSL (Secure Sockets Layer) encryption, 174

stack-based overflows, 23-41

exploitation without exploit code, 202

exploit.c code, 26-27

exploition without exploit code, 27-31

using environment, 31-40

env_exploit.c code, 32-38

getenvaddr.c code, 38-41

vuln2.c code, 31-32

vuln.c code, 24-26

stack frame, 19

stack segment, 19

stackshell.asm, 98-100

stack, smaller shellcode using, 98-101

Stallman, Richard, 3

stealth SYN scan, 163

strcpy( ) function, 84

stream ciphers, 178

string, defined, 17

str string pointer, 22

sub esp instruction, 105

sub instruction, 85, 94, 106-7

suid root programs, 16

switched network environment, 149

symmetric ciphers, 178

symmetric encryption, 178-80

SYN/ACK packets, 144, 162, 163, 164, 166, 167

SYN flag, 144

SYN flooding, 162

SYN packets, 144, 145, 162, 163, 164, 168

system( ) function, 130-31, 132, 137-38