Differences

This shows you the differences between two versions of the page.

--- session:07 [2020/07/03 08:55] – [Resources] Razvan Deaconescu
+++ session:07 [2020/07/19 09:49] (current) – external edit 127.0.0.1
@@ Line 3: / Line 3: @@
 ===== Resources =====
-To work this session, first clone/update [[https://github.com/hexcellents/sss-exploit|the repository]] and navigate to the `07-shellcodes` folder.
+To work this session, first clone/update [[https://github.com/hexcellents/sss-exploit|the repository]] and navigate to the ''07-shellcodes'' folder.
 Other resources:
@@ Line 844: / Line 844: @@
 Inside the ''07-challenge-use-standard-input/'' subfolder in the tasks archive you will find a vulnerable source code file (''vuln.c'') with a similar vulnerability to the one above: the use of ''strcpy()'' to cause a buffer overflow inside the ''do_nothing_successfully()'' function. There are several differences:
-* the initial data is now read from standard input using ''fgets()''
+  * the initial data is now read from standard input using ''fgets()''
-* the buffer we are going to overwrite is now 70 characters long
+  * the buffer we are going to overwrite is now 70 characters long
-* we've added an extra local variable before the buffer to make it a bit more challenging to determine the return address
+  * we've added an extra local variable before the buffer to make it a bit more challenging to determine the return address
 Similarly to the task above, exploit the vulnerability by causing a buffer overflow of the ''buffer'' variable and overwriting the return address of the ''do_nothing_successfully()'' function to point to the shellcode (i.e. the address of the ''shellcode'' variable).