How it works...

In step 1, we made a copy of the original binary so that the original remains untouched. The command in step 2 opens that copy in the HexEdit tool:

Following the instructions in step 3, we navigate to the bytes that encode the 10.0.2.15 IP address, which in hexadecimal are 0A 00 02 0F. Your output should look similar to the following screenshot:

In step 4, we replace the original bytes for the IP address with bytes representing the 127.1.1.1 IP address, which in hexadecimal are 7F 01 01 01. Your changes should resemble the following screenshot. Note that, by changing the IP address, we've also eliminated NULL bytes. This is good in the event we have to analyze the binary on another Linux system for whatever reason:

In step 5, we issue the keyboard shortcut for saving and exiting, and then in step 6 we confirm our decision to save. It's always a good idea to quickly confirm that the changes took effect properly. To do that, in step 7, we run objdump against the edited binary to verify that the IP address has been changed accordingly. Your output for the second block of disassembled code should look as follows:

Great—it looks like we've successfully edited the binary so that it connects to our localhost only and not the remote host we saw in the original binary!
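The copy, edit and verify sequence from steps 1 to 7 can also be scripted. The following Python sketch is an added example, not code from the book; the `SAMPLE` bytes and all function names are constructed for illustration. It refuses to patch unless the four address bytes occur exactly once, since a 4-byte pattern can match elsewhere in a binary by coincidence.

```python
import shutil
import socket
from pathlib import Path

# Constructed stand-in for a binary: filler bytes around the embedded address.
SAMPLE = bytes.fromhex("deadbeef68" "0a00020f" "cafebabe")

def ip_bytes(ip: str) -> bytes:
    """Dotted quad -> the four bytes as they sit in the file (network order)."""
    return socket.inet_aton(ip)

def find_all(data: bytes, needle: bytes) -> list:
    """Every offset at which needle occurs, including overlapping matches."""
    hits, i = [], data.find(needle)
    while i != -1:
        hits.append(i)
        i = data.find(needle, i + 1)
    return hits

def patch_bytes(data: bytes, old_ip: str, new_ip: str):
    """Return (patched_bytes, offset); refuse unless old_ip occurs exactly once."""
    old, new = ip_bytes(old_ip), ip_bytes(new_ip)
    hits = find_all(data, old)
    if len(hits) != 1:
        # Four bytes can match by coincidence; pick the offset by hand instead.
        raise ValueError(f"expected 1 match for {old.hex()}, found {len(hits)}: {hits}")
    off = hits[0]
    patched = data[:off] + new + data[off + 4:]
    # Same length, so no offsets or section sizes in the file shift.
    assert len(patched) == len(data) and patched[off:off + 4] == new
    return patched, off

def patch_copy(src: Path, dst: Path, old_ip: str, new_ip: str) -> int:
    """Write a patched copy of src to dst, leaving src untouched; return offset."""
    patched, off = patch_bytes(src.read_bytes(), old_ip, new_ip)
    dst.write_bytes(patched)
    shutil.copymode(src, dst)  # keep the executable bit on the copy
    if dst.read_bytes()[off:off + 4] != ip_bytes(new_ip):  # re-read to verify
        raise IOError("patch did not persist")
    return off

if __name__ == "__main__":
    out, off = patch_bytes(SAMPLE, "10.0.2.15", "127.1.1.1")
    print(f"patched at offset {off:#x}: {out[off:off + 4].hex(' ')}")
    print("NUL bytes in new address:", b"\x00" in ip_bytes("127.1.1.1"))
```

Running objdump against the patched copy, as in step 7, remains the final check that the disassembly shows the new address.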
