Looks like another good day to learn (and practice) more about binary exploitation. :) After bypassing ASLR and NX last time I decided to check it 'somewhere online'. That's how I found one of the challenges available for PicoCTF 2019. Below you'll find the details. Here we go...
Today we'll start here:
As you can see, I downloaded the Overflow-0 binary to my Ubuntu (16.04 x32) box with gdb-peda installed (you can use GEF instead; your choice). Next, as there was a source file, I read the source:
ASLR is disabled this time ;)
I continued by creating the pattern (using gdb-peda), like this:
Next thing was to check it with our vulnerable program:
Quick results below:
Checking the offset and verifying overflow:
When the second pattern is prepared we should be somewhere here:
Next I started building an exploit. What I was looking for was: the address of the system() function, the address of the exit() function and, of course, the address of the /bin/sh string. Checking:
The new pattern is prepared, so let's try it:
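The offset-finding step above relies on gdb-peda's pattern tool. As an added example (not from the original post or from gdb-peda itself), the script below reimplements the same idea in Python: a cyclic pattern in which every 4-byte window is unique, so the value left in EIP at the crash tells you exactly how many bytes sit before the saved return address. It assumes the Metasploit/pwntools-style "Aa0Aa1..." alphabet rather than peda's exact character set, and a 32-bit little-endian target like the one in this write-up.

```python
import string
import struct

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits

# Unique 4-byte windows hold for 26 * 26 * 10 * 3 = 20280 bytes.
MAX_UNIQUE = len(UPPER) * len(LOWER) * len(DIGITS) * 3


def pattern_create(length: int) -> bytes:
    """Build a cyclic pattern of the given length (Aa0Aa1Aa2...Ab0...).

    Metasploit-style alphabet, assumed here; peda prints a different
    alphabet but the offset logic is identical.
    """
    if length > MAX_UNIQUE:
        raise ValueError("length exceeds the unique range of this pattern")
    out = bytearray()
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                out += (u + l + d).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out)


def pattern_offset(value, length: int = MAX_UNIQUE) -> int:
    """Return the offset of a crash value inside the pattern, or -1.

    `value` is either the integer seen in EIP (e.g. 0x63413563, which
    x86 loads little-endian from the stack) or the 4 raw characters.
    The returned offset is the number of bytes before the saved return
    address, i.e. the padding size for the final payload.
    """
    if isinstance(value, int):
        needle = struct.pack("<I", value)   # little-endian, as EIP was loaded
    elif isinstance(value, str):
        needle = value.encode()
    else:
        needle = bytes(value)
    return pattern_create(length).find(needle)


if __name__ == "__main__":
    # Constructed crash value: EIP=0x63413563 corresponds to bytes "c5Ac".
    print(pattern_create(64).decode())
    print("offset:", pattern_offset(0x63413563))   # prints 76
```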
Looks like it's done ;] Maybe you'll find it useful.