Tuesday, 23 July 2019

Protostar CTF - Stack5

Today we will try to solve the next part of the Protostar CTF, stack5. Below you will find the details. Here we go...
We will start here:


As you can see, we have a buffer to overflow; let's try to do that :) Running the program just to check it in action:


Now let's open stack5 in gdb:


As you can see, I like to set two more options when using gdb:
- set disassembly-flavor intel
- set pagination off

Reading the listing we can see that there is a leave instruction (at main+21); let's set a breakpoint (b) there. Running with our 'payload' (from /tmp/x1), we land here:


Next we will check where our payload sits in memory at ESP:


Next I decided to prepare a new payload, this time using Metasploit's


Restarting the app with the new payload:


So far, so good. Our payload is at ESP; type c (continue) to proceed:


Now it should be easier to get the offset:


Checking with the new payload:


Looking for the address we will overwrite:


So now, adding NOPs:


Last stage, preparing the shellcode: we will use the one I found on shell-storm:


Not yet; fixing:


Cool. :) Next?
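The whole exercise above works because stack5 reads into a fixed-size buffer with an unbounded call, so bytes past the buffer land on the saved frame pointer and return address. As an added illustration (not part of the original post or of the Protostar sources), the following C model shows that mechanism beside the bounded read that prevents it; the 64-byte buffer, the 32-bit frame layout and the return address 0x08048400 are constructed assumptions, not values taken from the target.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of a stack5-style frame (assumption: 64-byte buffer
 * directly followed by saved EBP and saved EIP, as in a 32-bit x86 frame).
 * The real layout is whatever gdb shows; this only illustrates the bug and the fix. */
#define BUF_SIZE   64
#define FRAME_SIZE (BUF_SIZE + 4 + 4)   /* buffer + saved EBP + saved EIP */
#define ORIG_RET   0x08048400u          /* constructed placeholder return address */

struct frame { unsigned char bytes[FRAME_SIZE]; };

static void frame_init(struct frame *f) {
    uint32_t ret = ORIG_RET;
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + BUF_SIZE + 4, &ret, sizeof ret);   /* plant the saved EIP */
}

static uint32_t frame_saved_eip(const struct frame *f) {
    uint32_t ret;
    memcpy(&ret, f->bytes + BUF_SIZE + 4, sizeof ret);
    return ret;
}

/* Models gets(buffer): every input byte is stored, with no bound, so input
 * longer than BUF_SIZE overwrites saved EBP and then saved EIP. */
static uint32_t read_unbounded(struct frame *f, const unsigned char *in, size_t n) {
    frame_init(f);
    if (n > FRAME_SIZE) n = FRAME_SIZE;   /* keep the model itself inside the array */
    memcpy(f->bytes, in, n);
    return frame_saved_eip(f);
}

/* The fix: models fgets(buffer, sizeof buffer, stdin). At most BUF_SIZE-1 bytes
 * are stored, the rest is dropped, so the saved EIP is never reachable. */
static uint32_t read_bounded(struct frame *f, const unsigned char *in, size_t n, int *truncated) {
    size_t take = n < BUF_SIZE - 1 ? n : BUF_SIZE - 1;
    frame_init(f);
    memcpy(f->bytes, in, take);
    f->bytes[take] = '\0';
    *truncated = (n > take);
    return frame_saved_eip(f);
}

/* Feed `len` bytes of 'A' (constructed input) through either reader; returns saved EIP. */
static uint32_t eip_after(size_t len, int bounded, int *truncated) {
    unsigned char in[256];
    struct frame f;
    int dummy;
    memset(in, 'A', sizeof in);
    if (len > sizeof in) len = sizeof in;
    return bounded ? read_bounded(&f, in, len, truncated ? truncated : &dummy)
                   : read_unbounded(&f, in, len);
}

static int bounded_truncates(size_t len) { int t = 0; eip_after(len, 1, &t); return t; }
```

With the unbounded reader, 72 bytes of input is enough to replace the planted return address with 0x41414141 in this model, while the bounded reader leaves it untouched for any input length and reports the truncation.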

See you soon...

Cheers



