Tuesday, 23 July 2019

Protostar CTF - Stack5

Today we will try to solve the next part of the Protostar CTF: stack5. Below you will find the details. Here we go...
Today we will start here:

As you can see we have a buffer to overflow, so let's try to do that :) Running the program just to check it in action:

Now let's open stack5 in gdb:

As you can see, I like to set two more options when using gdb:
- set disassembly-flavor intel
- set pagination off

Reading the listing we can see that there is a leave instruction (at main+21); let's set a breakpoint (b) there. Running with our 'payload' (from /tmp/x1), we land here:

Next we will check where our payload is relative to ESP:

Next I decided to prepare a new payload, this time using Metasploit's

Restarting the app with new payload:

So far, so good. Our payload is available in ESP; type c (continue) to proceed:

Now it should be easier to get the offset:

Checking with new payload:
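The cyclic-pattern trick used in the steps above, as an added example that is not code from the original post and not Metasploit's own implementation: a pure-Python equivalent of pattern_create and pattern_offset, the same way a crash-triage script recovers how far into the input a saved return address sits. The crash value fed to pattern_offset at the bottom is constructed for this example, not taken from the post.

```python
import itertools
import string

# Re-implementation (assumed equivalent, not Metasploit's own code) of the
# pattern_create / pattern_offset helpers used to find the EIP offset.
# The pattern is a run of non-repeating 3-byte groups, one character from
# each of A-Z, a-z, 0-9 (Aa0Aa1Aa2 ... Ab0Ab1 ...), 20280 bytes per cycle.
CHARSETS = (string.ascii_uppercase, string.ascii_lowercase, string.digits)
CYCLE_LEN = 26 * 26 * 10 * 3  # length after which the pattern would repeat


def pattern_create(length):
    """Return the first `length` characters of the cyclic pattern."""
    if not 0 < length <= CYCLE_LEN:
        raise ValueError("length must be between 1 and %d" % CYCLE_LEN)
    groups = []
    for upper, lower, digit in itertools.product(*CHARSETS):
        groups.append(upper + lower + digit)
        if len(groups) * 3 >= length:
            break
    return "".join(groups)[:length]


def pattern_offset(value, length=CYCLE_LEN):
    """Locate a crash value inside the pattern.

    `value` is either the 32-bit register contents as shown by gdb (an int)
    or the 4 pattern characters as a str.  An x86 register holds the bytes
    little-endian, so an int is decoded that way before searching.
    Returns the zero-based offset, or -1 if the value is not in the pattern.
    """
    if isinstance(value, int):
        try:
            needle = value.to_bytes(4, "little").decode("ascii")
        except (OverflowError, UnicodeDecodeError):
            return -1  # not a 4-byte value made of pattern characters
    else:
        needle = value
    return pattern_create(length).find(needle)


if __name__ == "__main__":
    # Constructed example: pretend gdb showed this value in EIP after the crash.
    crashed_eip = int.from_bytes(b"c5Ac", "little")
    print("offset of EIP:", pattern_offset(crashed_eip))  # 76
```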

Looking for the address we will overwrite:

So now, adding NOPs:

Last stage, preparing the shellcode: we will use the one I found on shell-storm:

Not yet, fixing:

Cool. :) Next?

See you soon...
