Sto facendo una domanda d'esame, supponiamo di avere una funzione come;
void func(char* arg)
{
char buf[32];
strcpy(buf, arg);
}
command break func:
-buf begins at 0xbffebfb0
-(gdb) x/2wx $ebp
0xbfebfd8: 0xbffec068 0x08048fe1
machine is 32 bit little endian, no defenses like aslr or dep
c) You want to run a payload/shellcode that is 24 bytes long,write hex bytes that should be copied into the buffer for an overflow exploit? I don't really know how to go about creating buffer overflows.
Comunque vorrei scrivere in '\ x90', ma non so quanto scrivere e dove ti atterra
d) Assuming ASLR is enabled, which results in stack being offset by 0-15 each time it runs. Describe a payload in form of a python print statement that will always get the shellcode from part c to execute? ( assume, stack condition from part c holds when offset is 0).
Penso che la dichiarazione di stampa sarebbe simile a python qui sotto;
print shellcode + '\bytes filled in' + pack("<I", shellcode_addr) + pack("<I", return_addr)
Ma non posso fare molto sulla parte d senza conoscere la parte c, ho bisogno di aiuto su come risolverei c e d.