session:08

Differences

This shows you the differences between two versions of the page.

session:08 [2018/07/03 20:12]
Razvan Deaconescu [15. Tutorial: Shellcode on Stack]
session:08 [2020/07/19 12:49] (current)
Line 1: Line 1:
-====== 0x08. Shellcodes (advanced) ======+====== 0x07. Shellcodes (advanced) ======
  
 ===== Resources ===== ===== Resources =====
  
-[[http://security.cs.pub.ro/summer-school/res/arc/08-shellcodes-advanced-skel.zip|Activities archive]]+/*[[http://security.cs.pub.ro/summer-school/res/arc/08-shellcodes-advanced-skel.zip|Activities archive]]*/ 
 + 
 +[[https://github.com/hexcellents/sss-exploit|Activities repo]]
  
 [[http://shell-storm.org/shellcode/|Shellcode repository]] [[http://shell-storm.org/shellcode/|Shellcode repository]]
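Review bot: the heading on the first changed line now reads ''0x07'' while the page id is still ''session:08'' and the archive name in the commented-out link still begins with ''08-''. Either keep the heading in step with the page id or state on the page that the session number and the page id intentionally differ, so readers following links between sessions land on the one they expect. The old archive link is also only hidden with ''/* ... */'' rather than deleted, which leaves a dead reference in the page source; remove it if the repo is now the single source of the activities.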
Line 70: Line 72:
 ===== 4. Challenge: Shellcode as Argument ===== ===== 4. Challenge: Shellcode as Argument =====
  
-Go to ''02-challenge-shellcode-argv/'' in the [[http://security.cs.pub.ro/summer-school/res/arc/08-shellcodes-advanced-skel.zip|activities archive]].+Go to ''04-challenge-shellcode-argv/'' in the [[http://security.cs.pub.ro/summer-school/res/arc/08-shellcodes-advanced-skel.zip|activities archive]].
  
 Feed the ''vuln'' executable a proper ''x86_64'' shellcode as a program argument. Make sure it works by running it by itself and then run it under ''strace''. Feed the ''vuln'' executable a proper ''x86_64'' shellcode as a program argument. Make sure it works by running it by itself and then run it under ''strace''.
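Review bot: the changed line renames the directory to ''04-challenge-shellcode-argv/'' but still links to the ''08-shellcodes-advanced-skel.zip'' archive, which the Resources hunk comments out in favour of the "Activities repo" link. Point this link at the repo as well, and confirm that the ''04-'' directory name matches the layout there, otherwise the instruction sends readers to an archive the page no longer advertises.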
Line 222: Line 224:
  
 In the ''sol/exploit.py'' script, we fill the ''approximate_buffer_address'' variable with the address from GDB and then we run along that. We run the program multiple times, until we find the proper address that is able to get us the shellcode to run. In the ''sol/exploit.py'' script, we fill the ''approximate_buffer_address'' variable with the address from GDB and then we run along that. We run the program multiple times, until we find the proper address that is able to get us the shellcode to run.
- 
-<note important> 
-This didn't work for us. It may be because of x86_64 varying the addresses even in the absence of ASLR. 
-</note> 
  
 <note important> <note important>
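Review bot: deleting the ''<note important>'' block in this hunk drops the only record that the address search described in the paragraph above it did not work for the authors, and nothing in the revision says whether that was resolved. If the ''sol/exploit.py'' approach now works as written, say so in the edit summary; if results still vary between runs, keep a reworded caveat next to the sentence about running the program multiple times so that readers who hit the same behaviour know it is expected.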
Line 247: Line 245:
 </note> </note>
  
 +===== 17. Challenge: Shellcode on Stack =====
 +
 +Go to the ''17-challenge-shellcode-on-stack/'' folder in the [[http://security.cs.pub.ro/summer-school/res/arc/08-shellcodes-advanced-skel.zip|activities archive]].
 +
 +Update the ''sol/exploit.py'' script that exploits the ''vuln'' executable. It's similar to challenge 15.
 +
 +===== 18. Challenge: Shellcode on Stack (32 bit) =====
 +
 +Go to the ''18-challenge-shellcode-on-stack-32/'' folder in the [[http://security.cs.pub.ro/summer-school/res/arc/08-shellcodes-advanced-skel.zip|activities archive]].
 +
 +It's similar to the challenge above, except that it runs on 32 bits. Copy and update the ''exploit.py'' script from the solution above and update it to make it work on 32 bits.
  
 /* /*
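Review bot: in the new section 17, "It's similar to challenge 15" refers to an item the revision summary names "15. Tutorial: Shellcode on Stack", so call it a tutorial to match its heading. In section 18 the sentence "Copy and update the ''exploit.py'' script from the solution above and update it" repeats "update"; "Copy the ''exploit.py'' script from the solution above and update it to work on 32 bits" reads cleanly. Both new sections also link to the ''08-shellcodes-advanced-skel.zip'' archive that the Resources hunk comments out; link to the repo instead.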
session/08.1530637943.txt.gz · Last modified: 2018/07/03 20:12 by Razvan Deaconescu