Differences

This shows you the differences between two versions of the page.

--- session:07 [2020/07/03 11:55]
Razvan Deaconescu [Resources]
+++ session:07 [2020/07/19 12:49] (current)
@@ Line 3: / Line 3: @@
 ===== Resources =====
-To work this session, first clone/update [[https://github.com/hexcellents/sss-exploit|the repository]] and navigate to the `07-shellcodes` folder.
+To work this session, first clone/update [[https://github.com/hexcellents/sss-exploit|the repository]] and navigate to the ''07-shellcodes'' folder.
 Other resources:
@@ Line 844: / Line 844: @@
 Inside the ''07-challenge-use-standard-input/'' subfolder in the tasks archive you will find a vulnerable source code file (''vuln.c'') with a similar vulnerability to the one above: the use of ''strcpy()'' to cause a buffer overflow inside the ''do_nothing_successfully()'' function. There are several differences:
-* the initial data is now read from standard input using ''fgets()''
+  * the initial data is now read from standard input using ''fgets()''
-* the buffer we are going to overwrite is now 70 characters long
+  * the buffer we are going to overwrite is now 70 characters long
-* we've added an extra local variable before the buffer to make it a bit more challenging to determine the return address
+  * we've added an extra local variable before the buffer to make it a bit more challenging to determine the return address
 Similarly to the task above, exploit the vulnerability by causing a buffer overflow of the ''buffer'' variable and overwriting the return address of the ''do_nothing_successfully()'' function to point to the shellcode (i.e. the address of the ''shellcode'' variable).

Security Summer School

User Tools

Site Tools

Differences

Page Tools