session:07

Differences

This shows you the differences between two versions of the page.

session:07 [2020/07/03 11:55]
Razvan Deaconescu [Resources]
session:07 [2020/07/19 12:49] (current)
Line 3: Line 3:
 ===== Resources ===== ===== Resources =====
  
-To work this session, first clone/update [[https://github.com/hexcellents/sss-exploit|the repository]] and navigate to the `07-shellcodesfolder.+To work this session, first clone/update [[https://github.com/hexcellents/sss-exploit|the repository]] and navigate to the ''07-shellcodes'' folder.
  
 Other resources: Other resources:
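Review bot: on the changed Resources line, the instruction still relies on the link label "the repository" and the shorthand "clone/update", so the repository name is lost when the page is printed or copied as plain text; consider using the name from the URL (sss-exploit) as the label and writing "clone or update". Replacing the unmatched backtick with ''07-shellcodes'' and restoring the space before "folder" is the right fix for the monospace markup.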
Line 844: Line 844:
  
 Inside the ''07-challenge-use-standard-input/'' subfolder in the tasks archive you will find a vulnerable source code file (''vuln.c'') with a similar vulnerability to the one above: the use of ''strcpy()'' to cause a buffer overflow inside the ''do_nothing_successfully()'' function. There are several differences: Inside the ''07-challenge-use-standard-input/'' subfolder in the tasks archive you will find a vulnerable source code file (''vuln.c'') with a similar vulnerability to the one above: the use of ''strcpy()'' to cause a buffer overflow inside the ''do_nothing_successfully()'' function. There are several differences:
-* the initial data is now read from standard input using ''fgets()'' +  * the initial data is now read from standard input using ''fgets()'' 
-* the buffer we are going to overwrite is now 70 characters long +  * the buffer we are going to overwrite is now 70 characters long 
-* we've added an extra local variable before the buffer to make it a bit more challenging to determine the return address+  * we've added an extra local variable before the buffer to make it a bit more challenging to determine the return address
  
 Similarly to the task above, exploit the vulnerability by causing a buffer overflow of the ''buffer'' variable and overwriting the return address of the ''do_nothing_successfully()'' function to point to the shellcode (i.e. the address of the ''shellcode'' variable). Similarly to the task above, exploit the vulnerability by causing a buffer overflow of the ''buffer'' variable and overwriting the return address of the ''do_nothing_successfully()'' function to point to the shellcode (i.e. the address of the ''shellcode'' variable).
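Review bot: the first bullet (''fgets()'') sits directly under a sentence that attributes the overflow to ''strcpy()'', so a reader cannot tell which call is missing the bounds check; suggest saying that ''fgets()'' only reads the input and ''strcpy()'' remains the unbounded copy. In the third bullet, "before the buffer" is ambiguous between declaration order in ''vuln.c'' and position on the stack, and would be clearer if it stated which is meant. The two-space indent added to the three items is what turns them into a proper list, so that part is fine as is.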
session/07.1593766545.txt.gz · Last modified: 2020/07/03 11:55 by Razvan Deaconescu