[sss] [Buffer Overflow]
Radu Caragea
sinaelgl at gmail.com
Fri Jun 30 00:41:22 EEST 2017
Pare sa nu fie niciun fel de setup nonstandard. La fel de bine ar
trebui sa mearga:
echo "date" > /tmp/radu123_2/test2.sh
chmod +x /tmp/radu123_2/test2.sh
/tmp/radu123_2/test2.sh
2017-06-30 0:39 GMT+03:00 Radu Codescu <radu.codescu27 at gmail.com>:
> Da, asa merge.
>
> Multumesc, sigur o sa am nevoie in viitor. :)
>
>
>
> Pe 30 iunie 2017, 00:37, Radu Caragea <sinaelgl at gmail.com> a scris:
>>
>> ia incearca asa:
>>
>> mkdir /tmp/radu123_2
>> echo "date" > /tmp/radu123_2/test.sh
>> bash /tmp/radu123_2/test.sh
>>
>>
>> 2017-06-30 0:35 GMT+03:00 Radu Codescu <radu.codescu27 at gmail.com>:
>> > Am incercat. Doar ca nici pe tmp nu aveam drept de executie.
>> > -rw-r--r-- 1 level4 level4 27 Jun 29 22:36 /tmp/radu123
>> >
>> > Pe 30 iunie 2017, 00:33, Radu Caragea <sinaelgl at gmail.com> a scris:
>> >>
>> >> In most wargames you can usually make a directory under "/tmp/" and
>> >> copy/run your scripts from there
>> >>
>> >> 2017-06-30 0:32 GMT+03:00 Radu Codescu <radu.codescu27 at gmail.com>:
>> >> > Salut,
>> >> >
>> >> > Multumesc pentru raspunsuri. Am rezolvat in final.
>> >> > Nu am niciun drept ma refeream la faptul ca nu puteam folosi niciun
>> >> > script
>> >> > python sau bash pentru generare. Nu aveam nici drept write nici
>> >> > execute.
>> >> >
>> >> > Radu
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > Pe 30 iunie 2017, 00:12, Razvan Deaconescu
>> >> > <razvan.deaconescu at cs.pub.ro>
>> >> > a
>> >> > scris:
>> >> >>
>> >> >> Radu Codescu <radu.codescu27 at gmail.com> writes:
>> >> >> > Salut,
>> >> >> >
>> >> >> > Am si eu o intrebare. Incercam sa rezolv un exercitiu legat de
>> >> >> > buffer
>> >> >> > overflow si m-am lovit de urmatoarea problema.
>> >> >> > Buffer-ul nu se citeste de la stdin ci este primit ca si argument
>> >> >> > din
>> >> >> > linia
>> >> >> > de comanda. Problema este ca trebuie sa dau adresa functiei care
>> >> >> > bineinteles este in hexa.
>> >> >> >
>> >> >> > Exista cumva vreo posibilitate astfel incat sa dau ca si argument
>> >> >> > din
>> >> >> > linia
>> >> >> > de comanda un string de forma: "AAAAAA" + "\x08\x04\x84\x7b"?
>> >> >>
>> >> >> În mod normal faci asta folosind:
>> >> >>
>> >> >> ./program $(echo -e "AAAAAA\x08\x04\x84\x7b")
>> >> >>
>> >> >> sau
>> >> >>
>> >> >> ./program $(python -c 'print 6*"A" + "\x08\x04\x84\x7b")
>> >> >>
>> >> >> > Mentionez ca nu pot folosi python nici bash deoarece nu am niciun
>> >> >> > drept pe masina respectiva.
>> >> >>
>> >> >> Ce înseamnă "nu am nici un drept"?
>> >> >>
>> >> >> Răzvan
>> >> >> _______________________________________________
>> >> >> sss mailing list
>> >> >> sss at security.cs.pub.ro
>> >> >> http://security.cs.pub.ro/cgi-bin/mailman/listinfo/sss
>> >> >
>> >> >
>> >> >
>> >> > _______________________________________________
>> >> > sss mailing list
>> >> > sss at security.cs.pub.ro
>> >> > http://security.cs.pub.ro/cgi-bin/mailman/listinfo/sss
>> >> >
>> >> _______________________________________________
>> >> sss mailing list
>> >> sss at security.cs.pub.ro
>> >> http://security.cs.pub.ro/cgi-bin/mailman/listinfo/sss
>> >
>> >
>> >
>> > _______________________________________________
>> > sss mailing list
>> > sss at security.cs.pub.ro
>> > http://security.cs.pub.ro/cgi-bin/mailman/listinfo/sss
>> >
>> _______________________________________________
>> sss mailing list
>> sss at security.cs.pub.ro
>> http://security.cs.pub.ro/cgi-bin/mailman/listinfo/sss
>
>
>
> _______________________________________________
> sss mailing list
> sss at security.cs.pub.ro
> http://security.cs.pub.ro/cgi-bin/mailman/listinfo/sss
>
More information about the sss
mailing list