We will start here:
You know that ('sometimes' ;]) I like to "try harder"... but this time I decided to listen to some hints I received some time ago (aka "stop unpacking manually; use plugins/tools" ;)) and I decided to give it a try.
To proceed I used a Kali VM and an example vulnerable program grabbed from OWASP (thanks;)).
Settings for Kali (for this case) look like those presented below:
Normally I could start using gdb right away, but today we'll install GEF:
As you can see (in the source) we can simply download the code and load it into GDB with the source command. Let's try:
So far, so good. :) Next step - checking if our new configuration is valid:
Looks good ;) It's a good time to go back to the manual - let's try checksec (also available in gdb-peda):
All protections are disabled now so we can easily proceed:
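To see what checksec actually looks at when it prints that list, here is an added Python example (written for this post; it is not code from the original page or from the GEF project). It reads the ELF64 header and program headers and derives NX from PT_GNU_STACK, PIE from e_type and RELRO from PT_GNU_RELRO plus the BIND_NOW flags in the dynamic section. The build_elf helper produces constructed, non-loadable ELF images only so the parser can be exercised offline; canary detection needs the symbol table and is left out on purpose.

```python
import struct
import sys

# ELF constants (System V ABI / Linux); only little-endian ELF64 is handled here.
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def checksec(data: bytes) -> dict:
    """Report NX, PIE and RELRO for an ELF64 image the way checksec/GEF derive them.

    NX    : PT_GNU_STACK present and not executable (no PT_GNU_STACK means the
            kernel falls back to an executable stack, so that counts as disabled).
    PIE   : e_type == ET_DYN (also true for shared objects).
    RELRO : "none" without PT_GNU_RELRO, "partial" with it, "full" when the
            dynamic section also requests BIND_NOW (GOT made read-only after load).
    Stack-canary detection needs the symbol table and is deliberately left out.
    """
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 images are handled")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)

    nx, has_relro, bind_now = False, False, False
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _va, _pa, p_filesz, _memsz, _align = struct.unpack_from(
            "<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            # Walk the dynamic entries up to DT_NULL looking for a BIND_NOW request.
            for off in range(p_offset, p_offset + p_filesz, 16):
                d_tag, d_val = struct.unpack_from("<qQ", data, off)
                if d_tag == DT_NULL:
                    break
                if d_tag == DT_BIND_NOW or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW) \
                        or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW):
                    bind_now = True
    relro = "full" if has_relro and bind_now else "partial" if has_relro else "none"
    return {"nx": nx, "pie": e_type == ET_DYN, "relro": relro}


def build_elf(pie: bool, nx: bool, relro: str) -> bytes:
    """Constructed minimal ELF64 image (header, program headers, optional dynamic
    segment) for exercising checksec(); it carries no code and is not loadable."""
    segments = [(PT_GNU_STACK, PF_R | PF_W | (0 if nx else PF_X))]
    dyn = b""
    if relro in ("partial", "full"):
        segments.append((PT_GNU_RELRO, PF_R))
        tags = [(DT_FLAGS, DF_BIND_NOW)] if relro == "full" else []
        dyn = b"".join(struct.pack("<qQ", t, v) for t, v in tags + [(DT_NULL, 0)])
        segments.append((PT_DYNAMIC, PF_R | PF_W))
    phoff = 64
    dyn_off = phoff + 56 * len(segments)      # dynamic entries follow the program headers
    phdrs = b""
    for p_type, p_flags in segments:
        off = dyn_off if p_type == PT_DYNAMIC else 0
        size = len(dyn) if p_type == PT_DYNAMIC else 0
        phdrs += struct.pack("<IIQQQQQQ", p_type, p_flags, off, off, off, size, size, 8)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELF64, little-endian, SysV
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, ET_DYN if pie else ET_EXEC, 0x3E, 1,
                       0, phoff, 0, 0, 64, 56, len(segments), 64, 0, 0)
    return ehdr + phdrs + dyn


if __name__ == "__main__":
    if len(sys.argv) > 1:                     # a real binary given on the command line
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], checksec(f.read()))
    else:                                     # the constructed images
        print("unprotected:", checksec(build_elf(pie=False, nx=False, relro="none")))
        print("hardened:   ", checksec(build_elf(pie=True, nx=True, relro="full")))
```

Run it with a path to a binary to compare its output against GEF's checksec; with no argument it evaluates the two constructed images, the first of which matches the "all protections disabled" state shown in the post.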
(If you never tried to exploit x64 binary - maybe this is a good moment to start...? ;))
Similar to the pattern_create and pattern_offset tools from Metasploit on Kali, GEF offers the same functionality - for example:
We'll use the payload saved in file 1.txt to restart the program, like this:
Our very first results:
Pretty good so far :) Time to search for the pattern. But first of all we'll need to find the proper offset:
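The pattern create / pattern search pair above is worth understanding rather than just running, because the same trick is what you use during crash triage to tell which bytes of an input ended up in the saved frame pointer or return address. Below is an added Python example (mine, not code from the post or from GEF) that reproduces the Metasploit-style pattern and the reverse lookup. The 72-byte buffer and the frame layout in simulate_crash are constructed assumptions standing in for the debugger output, not values from the post.

```python
import string


def pattern_create(length: int) -> bytes:
    """Metasploit/GEF-style cyclic pattern: Aa0Aa1Aa2...; the (upper, lower, digit)
    triplets never repeat, so the pattern stays unique up to 20280 bytes."""
    if length > 26 * 26 * 10 * 3:
        raise ValueError("pattern longer than 20280 bytes would repeat")
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out)


def pattern_offset(pattern: bytes, value, width: int = 8) -> int:
    """Locate the bytes seen in a register or saved slot after a crash inside the pattern.

    `value` is either raw bytes or the integer the debugger shows; an integer is
    re-encoded little-endian (x86-64) and trailing NUL bytes are dropped so that a
    partial overwrite (e.g. 6 of the 8 return-address bytes) still resolves.
    """
    needle = value.to_bytes(width, "little").rstrip(b"\x00") if isinstance(value, int) else value
    if len(needle) < 3:
        raise ValueError("need at least 3 bytes to identify a position unambiguously")
    idx = pattern.find(needle)
    if idx < 0:
        raise ValueError("value not found in pattern: that register was not filled from the input")
    return idx


def simulate_crash(pattern: bytes, buf_size: int) -> dict:
    """Constructed stand-in for the debugger stop: a buf_size-byte stack buffer overflowed
    with `pattern`, the saved RBP directly after it and the saved return address 8 bytes
    further on (the usual x86-64 frame layout; real binaries may add padding).
    Returns the two slot values as the debugger would print them."""
    rbp_slot, rip_slot = buf_size, buf_size + 8
    return {
        "rbp": int.from_bytes(pattern[rbp_slot:rbp_slot + 8], "little"),
        "rip": int.from_bytes(pattern[rip_slot:rip_slot + 8], "little"),
    }


if __name__ == "__main__":
    pat = pattern_create(200)
    regs = simulate_crash(pat, 72)
    print(f"pattern: {pat[:24].decode()}...")
    print(f"saved rbp      = {regs['rbp']:#x} -> offset {pattern_offset(pat, regs['rbp'])}")
    print(f"return address = {regs['rip']:#x} -> offset {pattern_offset(pat, regs['rip'])}")
```

The offset pattern_offset returns is the number of input bytes that sit before the overwritten slot, which is exactly what GEF's pattern search reports for the register value you hand it.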
Ok. At this stage we can go back directly to the example scenario described here. Let's try to build a simple skeleton of the exploit:
Checking:
Restarting our vulnerable program with GEF and gdb:
Results:
I decided to use the address: 0x...e1d8:
...and now we are here (shellcode search linux /bin/sh):
Checking (shellcode get ID-you-want):
I grabbed generated shellcode from /tmp/ directory:
Next step was to add it to our skeleton exploit:
Checking:
Looks good for a start. ;]
Remember: if you're not sure - ask Manual - he's the best! ;)
Manual's source
Maybe you'll find it useful.
Special thanks goes to my Patreon: Daniel.
You are AWESOME! ;)
See you next time!