On Saturday, 8 November 2014 at 02:42:34 UTC, Israel wrote:
This one in particular. http://pastebin.com/dq4Bp9x0. What is this...

It is just a function that is already compiled and added as a string literal. It calls the system function exec("/bin/bash"); to spawn a shell over the current process. It is called shellcode because it is code to launch a shell and is done as a string because a practical application is to exploit a buffer overflow vulnerability in a program to gain access to a target computer. (It isn't as easy as feeding a string as input btw, but this would be like the hello, world version of it.)

But I was wondering why the title said "HOLY CRAP THAT IS STUPID"... and at first, I thought the author just didn't use cast() properly, but after trying it, I'm inclined to agree.

With the straightforward cast, the compiler spits out:

Error: no size for type void()
Error: no size for type void()

What a terrible error message and it seems kinda silly to me to be an error at all. It doesn't even work if I ask for ptr. This is just casting pointer types, why does the compiler require an intermediate step?

Maybe I'm missing some logic here, but my impression right now is holy crap, this is stupid.
