From d59888f45fdb591821e2f9a792a69cf097d7de03 Mon Sep 17 00:00:00 2001
From: acevest <zhaoyanbai@126.com>
Date: Thu, 9 Apr 2015 19:59:08 +0800
Subject: [PATCH] ...

---
 learn/test/overflow/of.1.c     |  43 +++++++++++++++++++++++++++++++++
 tools/hack/netpeeper/http.c    |   2 ++
 tools/hack/netpeeper/main.c    |   4 +++
 tools/hack/netpeeper/netpeeper | Bin 12012 -> 0 bytes
 4 files changed, 49 insertions(+)
 create mode 100644 learn/test/overflow/of.1.c
 delete mode 100755 tools/hack/netpeeper/netpeeper

diff --git a/learn/test/overflow/of.1.c b/learn/test/overflow/of.1.c
new file mode 100644
index 0000000..7974a0c
--- /dev/null
+++ b/learn/test/overflow/of.1.c
@@ -0,0 +1,43 @@
+/*
+ * ------------------------------------------------------------------------
+ *   File Name: of.1.c
+ *      Author: Zhao Yanbai
+ *              Thu Apr  9 18:50:29 2015
+ * Description: 
+ *              gcc of.1.c  -fno-stack-protector
+ * ------------------------------------------------------------------------
+ */
+#include<stdio.h>
+#include<string.h>
+
+const char *pwd = "1234";
+
+int of(const char *s)
+{
+    int r = 0xFEDCBA98;
+    char buf[8];
+    
+    r = strcmp(pwd, s) == 0 ? 1 : 0;
+
+    __builtin___strcpy_chk(buf, s, 1000);
+
+    return r;
+}
+
+int main(int argc, char *argv[]){
+
+    char buf[256];
+
+    scanf("%s", buf);
+
+    if(of(buf))
+    {
+        printf("SUCC:  %s\n", buf);
+    }
+    else
+    {
+        printf("FAIL:  %s\n", buf);
+    }
+
+	return 0;
+}
diff --git a/tools/hack/netpeeper/http.c b/tools/hack/netpeeper/http.c
index 80226aa..282a9a8 100644
--- a/tools/hack/netpeeper/http.c
+++ b/tools/hack/netpeeper/http.c
@@ -41,6 +41,8 @@ void http_callback(struct tcp_stream *ts) {
 
     int i;
 
+    printf("sssss\n");
+
     // data receive from client
     if(ts->server.count_new) {
         printf("HTTP FROM Client\n");
diff --git a/tools/hack/netpeeper/main.c b/tools/hack/netpeeper/main.c
index 632effb..2bf8438 100644
--- a/tools/hack/netpeeper/main.c
+++ b/tools/hack/netpeeper/main.c
@@ -95,11 +95,15 @@ int main(int argc, char *argv[]){
     nids_params.device = argv[1];
     nids_params.promisc = 1;
 
+    printf("init....\n");
     nids_init();
 
+    printf("register tcp....\n");
     nids_register_tcp(tcp_callback);
 
+    printf("nids run....\n");
     nids_run();
 
+    printf("exit....\n");
 	return 0;
 }
diff --git a/tools/hack/netpeeper/netpeeper b/tools/hack/netpeeper/netpeeper
deleted file mode 100755
index 834bed95849fcc6a3590fe757740cf57aab52551..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 12012
zcmeHNZERcB89p}&BTYY?j+V6>tOgp?!AMeQM=6xWv;k+Nt=FUsQNoSuIE|@ed-k>Z
z0TN~=11syWHnepU)AoZQZR(^9Sc}R>v$bR!+Muf#R19dwfH`Yn?W9#{3-zAo+;i+}
zC#_)pu^;o1&N=V%p7-m%_uT7q?(xef-#>l65Jt5SsVX7F1*r9(5@JBOK?yMz)r)GH
zKF=+!ceJiqO>Sv1O5vo4b{4>aX?C{W-dQRl_3KM{LSe)v&O=2=vY4h7+-xa;uH0U8
zEiMN9c~n9nuCYnGtr00FG|hyST%Rbg%I*24+xG5I5*llTT4k>oAMKfa!Eh`Xhfuk_
z9m?M0$^bF*UMLgd3nZ*~D6&Bbl-ui`VaJzM<HXMEEwK$5(@aJ-g(5v>DAF61xb%J;
zRrXTK9&x!1H6%OJ4ECA5aesf%=9b47bCt$NjJbBk!g;a;H_$X!cse}}G0caOd7|fw
zW1i5iwr!e`u$kD>zdjl^V^;i(_Ouz!H?2#ryq^fQP)u_})G_TQ*sF&=<C~*2h|BHG
zELh|9h5cuXZ-KJ6S?Lfv?eV#o<*-+LPTSj7-P*dMO+RDqvb+Ja9Kn5Mp&gl5iG;Wm
z?}290ZXxjKh+6dB=ymCH3o#DReF;RM$hpC5_Fg7LKl;b60F4Pa6|@hPrCn9J<a5M#
z%$dp@=)=^6LR~lNG}NYKBHk1Zt#9ht67B(J`5Y?aSpD)1)fXQ7(ud#Nddbgr?Yn>b
zeDIJuA?oU6g?asIAy+KG^-|AA!;V7Og32-H{I`8a1OBj#08vCjJ&DGJjaM&fL^z@K
zkY}O(64avp6rd?8_7eS|1$C`EQ4dKLM)8{AA{Ow+8a)LSj8Eq8IoyR(y^bvjE7;$7
zlT-6@=rTX4OYK;{pzwBJmMc*?PCP_LrTkxKV68XvuIILnw#;#F=9G8a;*0R2+|A$G
z+*i;J3|kk2IbAconM1j&ZT@-dJa={Ny=kQ88sXix>=>8}hrOA%a;Gp&!T1{(&-105
z+lmPfz4pv;YK(0J?CouI&3i!Ro&LRnU0DF{z;SE3cW_S%bk|rQpU-#g&2oIC=2|eW
zrlQ0hKE#@ShC0Gp3}+9*S?(b^9(;z{xqFMWH}E6{X~Ub|SG%rjYz)vQ_hzL%&(}P+
zc{)41_aCW;4?7j@gAKn%_-%tV^SznYgYr6`chmM4X&Z_0d-KEX+n(EhI-i#bYtQ7p
znUUOF437-_8C;}c@o69o<c{H8KQNrU3c-$mWv6OCm|%>8VW(;}Ba^AhtpF*VU*CE#
zS?|4nA46N`xzlr($L!jh+XPkDJP4gJf0q^W$Ls6x;kw!o;<ja*=x<6D?(<`?xo|jl
z6O3i{rcdRq&(rzo_RPO>x082Brb)USo62AZ&wC1~_72v<%u<@+>u@)$*a@{I--qd}
zE+z9z&z3n*wNvm%$hvk`r^nY?SGsl%r^nk}0}sHQYv-*-`ot~Cdq7mBPqZa#+X9%O
zhYtH8nhd&jE;rKS9mzXERHet)Jk1c2t5#wLwJkib@b`yj>-pu{IjcH-((QWWH@IDy
zms~qvO#js|j-^jjTj#f5cQk(J@Eq698U)ahbU9|}3%GxBf-`<O-{5Ildb}#x;@Xv{
z!sV|+K9IX<yntQHtCl@HPl)>#FM9|-hWA~Y9$$Umn)LW=*MOYZDv@1dGd{}a<z*Vl
zts~3l8Y9cM7>8ravd~S24lh}jfp)T6&0;lk)vSFI5v9j{)&=SDNOA!}Rs8F5=?Eu>
zIC2A|3nPE}FrQ!cFcUMQ$ovB$P?Ntne=;Xv;oGploAOfE*tM|ZnwNsAoL}jDRkGPT
zcyq0HaQd^H1{qK7Z#_QdJog3~D09B&UM1r-Gz*8j_Id|rc(={IP8od-c5|Z`+9S30
zfwE^v$^5_r^C-sc_s@%vQSYB^nu+VkJz?`p-#=f6ggv9~!7u`P6Ab&II*BwuPrrW-
z1Ac<{Prl&*E+OCWifmt%?LpbTF55R``<84+W&5^l-;wQmvgN(WH~d4kM`Zf}TD%yx
zUAz{Arz79ciay&%=Gc39aQnEl9D9Ql7dT@FNG&DxJ5p;%Jx|Ic^%SX%q<&6n3#p%w
z8X)yOQr{)@EmA)w^$k+LB(<5;FsTTsS4j1cdWX~<pwK(Y+K$#WZsGHEbht%BLbz}4
z^eyE|NEdHsr_X)!n$;`a%fq2y#1i4?hEPPbt@Kc?u?euz!iI0TKN5*r?r1C+af9dX
z4TXb^jg57}vvO%eqE0mQ)QPnT|Ayewx+x6__YI+l6^!@#1Hl{XM33L{3*TzrHL!@=
zEG|ODwB*`P7WOj1STJ28stiLI2KS9E;Inei$I^mIy=hq8F0nO?6z~w$4N)@;<D-VC
z?gnyKgNN5vss<x?2l|a_W9HNvL$BG5t!sp_x!$Osc7AOZdjBgv!v9$1S+#E+QT=|^
zzpnasRR4kM$5mg2g*$UTP4yS5-mUs8RKG~|H>%#N`i~V{MW~X2N(L$!sAQm$fl3A{
z8K`8Sl7UJFDjBF`ppt<~2F{v+nU^l;<~irg7Lx~AX3USX+=TdQ+?}1(V)As{AJ}LH
z`Zk&ylKyy)NagT}M;0S%kM{)Q@tDZA@Gwpurkm?=zKp}~)M!yu#207}p-9LQSrKp6
zjCgQE2nSPf(+a?jh%YG&BqPKvWr6hiLt*m0;0MCdM3BG-5Zr8Az8!S$rg+GbBi%s!
zY(%L(&@r5*TfIavqNJ4|y%{tP+5`SXFwif<NEwRN7pK5O3Pv0v*#a-Ng)-ZTwPTfb
z!^G#GI<vnI;RORpD~SIF_?ez$uN5-`VoRST`$vsXzn_dfhO}VfE0=iN@b{ZIYYeZ)
zT@Zgakf9<xVkG&&OB^%${rF^d+=xYE*TBFjLw?MvlHb!z`SI&JhPLs2{L^Eo9-py>
z@X63A@~eW#Ziwuk36aq<k%I-1H)-Y55IK4Qn(Qn#v(fCo5Y5mWQuxyEH2+AIj^GDX
z5SdH4&mu)b^(n($?;AGUDP!0eHQe1Pel8Lx-<pQ6W?}~_dtKxh0IzTnDnG~FiHa|6
z;sNNOlb`h{$I~RrO(`6i0-#i%L2fGK^bzSNlA|yk^^j2I%jliB6}Y$B5Kp`JbW(%?
zHlor0S9uV4z5{c7K57b;g?JU36afk`^@s4ClJs^|>T66M_2;3o5L4fYd&pF!JpRYQ
z@6m(ke}Ot#{QH&vqZp@ujcJ<x>rq*V>EDSN|ESWh0!@95K}!8qR7N4Dz7wA<{+W<<
z#y<ymviO_vF`Bm5p`m|`$z%M(s4T?vKTLo^%=nKg{eIBY*O=qfcjlY=PJFib?}e;0
z{%-(J7Johd)<9qT(9ple<k9~oR2E|TcjB}8e;Kk)|E~g1=0B_a&&33ye~m$Yto-@#
zM-j?iuJkq5`lA?QA!hue1SrJJe={C=(u<V7#^mw(-KZ?Y)OQo05L2K3`yhS2_OCE`
z)Yt#}BBs6*pDlkL*mLI33p`o=hLpcS<zHj%KLx)m+J8!-V*JhOJNu86zQ$VLIo}w+
z6FcMI0ezQYKb_PambiF7<-sck^!w#6YP?xJzdWaMVO&4Irxe!jgXwrvb6h_k7b&ct
zw?>8a{aB>O)%7h`Sm$T0mRIv9pygFQ?^akp4@qFSuTkj}50>E{mf@e4;T>i8i88#~
z#&BVm7s~K~GW>2C{-=!#@%_6De^iF6A?dsxR~i0H8J=H;uPVcf%5XO>V?AmBm2<ue
z^)6HswFfnb+KajYwGTCfdN(SM6~m|~E$h(m$JvkCjr!l(bBm_6iC{d@<Ou|uRzw5I
zejF4gnl?q_8xt`c@in0aqCLSTD;f<an)<L-YKjD{STKnHU^WS?vl;{EWP%o=!jua(
z$EwO^=yeU(ap&kqnt&sFN$B)sbF?e26wlF>GyzxkqSNWh=4e+ue?7P4(E=P57qwii
zo}*1^0!E#yV{RXci(}JX8=G=z%!TnedXy&M(OzRa^JQ~%zRXEh`lVsYSyT|8FsDlI
z^dwWE^!`k81LY;FKns2*#yx4eig&4G?<cohB^-M<C|ULfP;JHRO_<((*?UU4<15)-
q+Ms0Pr&!qX*}FBpPqTMu&b^tWu_<F;*p1l$+c35Nny?$i`{zGtswx%$

-- 
2.44.0