Controlling Addresses and Shell Code

Last time we explored a 64-bit program; this time, 32-bit.

Last time an input of 17*1 was enough to overwrite that flag.

We can also overwrite the return address.

We can also craft our own code (shell code) and point the overwritten return address at it, so the program does something malicious instead of returning normally.

https://docs.google.com/document/d/1e36qlaMm4a18Ql9zL10UIdXxT7SGFpcMG-QM9CIcgfA/edit

  • gate1: set up a 32-bit environment;

  • gate2: find the input length that causes a segfault, and the input length needed to reach the return address;

  • gate3: overwrite the return address with the address of exit, so there is no output and no shell code is executed;

  • gate4: use gdb to examine the state of the stack both before and after the buffer overflow, using the command from gate 2 (0*48);

  • gate5: disable ASLR, so the program is loaded at the same addresses on every run;

  • gate6: example shell code: open a new shell, stored in a char array;

  • gate7: set the return address to the buffer's address and place the shell code in the buffer; the shell code is executed and starts a new shell; for the buffer's start address, we print it every time in the previous gates;
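The stack-buffer pattern these gates work against, next to a bounds-checked rewrite, as an added example that is not code from these notes or from the linked document. BUF_SIZE (chosen to match the 48-byte probe of gate 4), the function names and the sample inputs are all constructed for illustration.

```c
/* Added example, not from the lecture notes: an unchecked copy into a
 * fixed-size stack buffer, beside a checked version that refuses input
 * which would not fit. BUF_SIZE, names and inputs are constructed. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 48   /* constructed; matches the 48-byte probe in gate 4 */

/* Vulnerable form: strcpy trusts the caller's length. Input longer than
 * BUF_SIZE - 1 characters (plus the NUL) runs past buf into the saved frame
 * pointer and the saved return address above it on the stack, which is the
 * condition gate 2 measures and gate 3 and gate 7 rely on. */
int copy_unchecked(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);              /* no length check at all */
    return (int)strlen(buf);
}

/* Hardened form: measure first, reject what does not fit, copy the NUL. */
int copy_checked(const char *input) {
    char buf[BUF_SIZE];
    size_t n = strlen(input);
    if (n >= sizeof buf) {
        return -1;                   /* would overflow: refuse the input */
    }
    memcpy(buf, input, n + 1);       /* n + 1 includes the terminating NUL */
    return (int)n;
}

/* The check a reviewer applies to every fixed-size copy: does input of this
 * length fit in the buffer with room left for the terminator? */
int fits_in_buffer(size_t capacity, size_t input_len) {
    return input_len < capacity;
}

/* Builds a constructed oversized input (55 'A' bytes, longer than the
 * segfault length found in gate 2) and feeds it to the checked copy. */
int check_long_input(void) {
    char long_input[BUF_SIZE + 8];
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';
    return copy_checked(long_input);
}

int main(void) {
    printf("checked short input: %d\n", copy_checked("hello"));   /* 5  */
    printf("checked long input:  %d\n", check_long_input());      /* -1 */
    /* copy_unchecked is deliberately never called with the long input:
     * that call is exactly the overwrite the gates above describe. */
    return 0;
}
```

The only difference between the two copies is that copy_checked knows the buffer's capacity and compares against it before writing; a canary (stack protector) or ASLR, as in gate 5, makes the overwrite harder to turn into control of the return address, but neither removes the defect itself.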
