session:07

Differences

This shows you the differences between two versions of the page.

session:07 [2020/07/03 10:49]
Mihai-Valentin DUMITRU (25451) remove some redundancy in the first two sections
session:07 [2020/07/19 12:49] (current)
Line 3: Line 3:
 ===== Resources ===== ===== Resources =====
  
-{{:public:sess-09_2015.pdf|Slides}}+To work this session, first clone/update [[https://github.com/hexcellents/sss-exploit|the repository]] and navigate to the ''07-shellcodes'' folder.
  
-[[http://security.cs.pub.ro/summer-school/res/arc/07-shellcodes-skel.zip|Tasks archive]] +Other resources
- +  [[http://shell-storm.org/shellcode/|Shellcode repository]]
-[[http://shell-storm.org/shellcode/|Shellcode repository]]+
  
 ===== Initial info ===== ===== Initial info =====
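Review bot: in the added resources block, the line `  [[http://shell-storm.org/shellcode/|Shellcode repository]]` is indented by two spaces but has no `*` marker, so DokuWiki will render it as a preformatted block showing the raw link syntax instead of a list item with a clickable link. Write it as `  * [[http://shell-storm.org/shellcode/|Shellcode repository]]`, the same list syntax the second hunk of this revision applies, and end the `Other resources` label with a colon. The Slides link is also dropped without a replacement; if the slides are still relevant, keep a pointer to them.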
Line 845: Line 844:
  
 Inside the ''07-challenge-use-standard-input/'' subfolder in the tasks archive you will find a vulnerable source code file (''vuln.c'') with a similar vulnerability to the one above: the use of ''strcpy()'' to cause a buffer overflow inside the ''do_nothing_successfully()'' function. There are several differences: Inside the ''07-challenge-use-standard-input/'' subfolder in the tasks archive you will find a vulnerable source code file (''vuln.c'') with a similar vulnerability to the one above: the use of ''strcpy()'' to cause a buffer overflow inside the ''do_nothing_successfully()'' function. There are several differences:
-* the initial data is now read from standard input using ''fgets()'' +  * the initial data is now read from standard input using ''fgets()'' 
-* the buffer we are going to overwrite is now 70 characters long +  * the buffer we are going to overwrite is now 70 characters long 
-* we've added an extra local variable before the buffer to make it a bit more challenging to determine the return address+  * we've added an extra local variable before the buffer to make it a bit more challenging to determine the return address
  
 Similarly to the task above, exploit the vulnerability by causing a buffer overflow of the ''buffer'' variable and overwriting the return address of the ''do_nothing_successfully()'' function to point to the shellcode (i.e. the address of the ''shellcode'' variable). Similarly to the task above, exploit the vulnerability by causing a buffer overflow of the ''buffer'' variable and overwriting the return address of the ''do_nothing_successfully()'' function to point to the shellcode (i.e. the address of the ''shellcode'' variable).
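Review bot: the unchanged paragraph above the list still says the `07-challenge-use-standard-input/` subfolder is "in the tasks archive", but this revision removed the Tasks archive link from Resources and now tells readers to clone the repository and use the `07-shellcodes` folder. Update that sentence to refer to the repository folder so readers are not sent looking for an archive the page no longer links.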
session/07.1593762543.txt.gz · Last modified: 2020/07/03 10:49 by Mihai-Valentin DUMITRU (25451)