Differences

This shows you the differences between two versions of the page.

--- session:07 [2020/07/03 07:49] – remove some redundancy in the first two sections Mihai-Valentin DUMITRU (25451)
+++ session:07 [2020/07/19 09:49] (current) – external edit 127.0.0.1
@@ Line 3: / Line 3: @@
 ===== Resources =====
-{{:public:sess-09_2015.pdf|Slides}}
+To work this session, first clone/update [[https://github.com/hexcellents/sss-exploit|the repository]] and navigate to the ''07-shellcodes'' folder.
-[[http://security.cs.pub.ro/summer-school/res/arc/07-shellcodes-skel.zip|Tasks archive]]
+Other resources:
+  * [[http://shell-storm.org/shellcode/|Shellcode repository]]
-[[http://shell-storm.org/shellcode/|Shellcode repository]]
 ===== Initial info =====
@@ Line 845: / Line 844: @@
 Inside the ''07-challenge-use-standard-input/'' subfolder in the tasks archive you will find a vulnerable source code file (''vuln.c'') with a similar vulnerability to the one above: the use of ''strcpy()'' to cause a buffer overflow inside the ''do_nothing_successfully()'' function. There are several differences:
-* the initial data is now read from standard input using ''fgets()''
+  * the initial data is now read from standard input using ''fgets()''
-* the buffer we are going to overwrite is now 70 characters long
+  * the buffer we are going to overwrite is now 70 characters long
-* we've added an extra local variable before the buffer to make it a bit more challenging to determine the return address
+  * we've added an extra local variable before the buffer to make it a bit more challenging to determine the return address
 Similarly to the task above, exploit the vulnerability by causing a buffer overflow of the ''buffer'' variable and overwriting the return address of the ''do_nothing_successfully()'' function to point to the shellcode (i.e. the address of the ''shellcode'' variable).