peda
parancslista
help parancs
telescope $cim
memoria kiirasa, pointerek kovetese
start
program elinditasa
b *cim, b symbol
breakpoint, a debugger megallitja a program futasat, amikor ezekre a pontokra er
continue
program folytatasa
step
step into, fuggvenyhivasok kovetese, debug informaciok mellett forraskod soronkent lepked
stepi
step into, fuggvenyhivasok kovetese, assembly utasitasonkent lepked
next/nexti
step over, fuggvenyhivasok atlepese
vmmap
virtualis cimter
pdisass main
fuggveny vagy cim visszafejtese assemblyre
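# Builds the two exercise binaries (stack4, stack_ret2libc).
# Hardening is switched off on purpose (no FORTIFY, no stack protector,
# frame pointer kept) so the stack-overflow exercises behave predictably
# under the debugger; do not copy these flags into real projects.
STACK4 := stack4
STACK4_OBJECTS := stack4.o
RET2LIBC := stack_ret2libc
RET2LIBC_OBJECTS := stack_ret2libc.o
# Any header next to the sources; empty if there are none.
HEADERS := $(wildcard *.h)
CC = gcc
CFLAGS = -D_FORTIFY_SOURCE=0 -fno-omit-frame-pointer -fno-stack-protector -std=c99 -Wall -ggdb

# 32 and asan are build variants, not files, so they are phony. Their
# target-specific flags only apply to objects rebuilt through them, so
# run `make clean` before switching between variants.
.PHONY: all 32 asan clean
# Drop a half-written target if its recipe fails.
.DELETE_ON_ERROR:

all: $(STACK4) $(RET2LIBC)

32: CFLAGS += -m32
32: LDFLAGS += -m32
32: $(STACK4) $(RET2LIBC)

asan: CFLAGS += -fsanitize=address
asan: LDFLAGS += -fsanitize=address
asan: $(STACK4) $(RET2LIBC)

clean:
	$(RM) $(STACK4) $(RET2LIBC) $(STACK4_OBJECTS) $(RET2LIBC_OBJECTS)

$(STACK4): $(STACK4_OBJECTS)
	$(CC) $(LDFLAGS) $^ -o $@

$(RET2LIBC): $(RET2LIBC_OBJECTS)
	$(CC) $(LDFLAGS) $^ -o $@

# The sources are C files, so the pattern must be %.c: with %.cpp this rule
# never matched and the objects were produced by make's built-in rule,
# which ignores $(HEADERS).
%.o: %.c $(HEADERS)
	$(CC) $(CFLAGS) -c $< -o $@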
#!/usr/bin/env python2
from pwn import *

# Parse the binary (symbol and section addresses) and start it as a child
# process; p is the channel we talk to it over.
e = ELF('./stack_ret2libc')
p = process('./stack_ret2libc')
sleep(1)

# After each ':' prompt, send the reply plus a newline and echo what was
# received before it. pwntools has several variants of this (send,
# sendafter, ...).
replies = ['tukan', 'khaki']
for reply in replies:
    print(p.sendlineafter(':', reply))

# Hand the session over to the user if a shell was obtained.
p.interactive()
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
/* Marker function for the stack4 exercise: never called by main(), it only
 * prints a message so that reaching it is visible. */
void win()
{
    puts("code flow successfully changed");
}
/*
 * Entry point of the stack4 exercise.
 * Reads one line from stdin into a fixed 64-byte stack buffer with gets(),
 * which has no length limit (it was removed from the language in C11), so
 * longer input runs past the buffer; that overrun is what the exercise is
 * built around, and the build flags in this gist deliberately leave it
 * unchecked. argc/argv are unused; under C99 main may fall off the end,
 * which counts as returning 0.
 */
int main(int argc, char **argv)
{
char buffer[64];
gets(buffer);
}
#!/usr/bin/env python2
from pwn import *

# Handy pwntools helpers:
#   p32(0x1)     roughly the equivalent of python's struct.pack
#   cyclic(len)  generates a cyclic pattern, which makes it easier to tell
#                which part of the input reaches a critical point
e = ELF('./stack4')      # parse the binary: symbol and section addresses
p = process('./stack4')  # spawn the process; p is the channel to it
sleep(1)                 # give peda's `waitfor -c` a chance to find it

win_addr = e.symbols['win']
print(hex(win_addr))     # address of the win() function

p.sendline('OK GOOGLE')
print(p.recvrepeat(1))
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
/* 64-byte global buffer; filled by an unbounded gets() call in main(). */
char global[64];
/* Not called anywhere in this file; presumably kept so that system() is
 * linked into the binary for the ret2libc exercise. Runs `ls` via the shell. */
void innocent_function()
{
    static const char cmd[] = "ls";
    system(cmd);
}
/*
 * Prompts for a colour and reads the reply with gets() into a 64-byte stack
 * buffer. gets() performs no length check (and is gone from C11), so input
 * longer than 64 bytes overwrites whatever follows the buffer on the stack.
 * This is the overflow the exercise is built around; the gist's build flags
 * deliberately disable the stack protector that would otherwise catch it.
 */
void vulnerable_function()
{
char local[64];
printf("Please enter your favorite color:");
gets(local);
}
/*
 * Entry point of the stack_ret2libc exercise.
 * stdout is made unbuffered so the prompts are written out before gets()
 * blocks, even when stdout is a pipe rather than a terminal. The name is read
 * with gets() into the 64-byte global buffer without any length limit, then
 * vulnerable_function() reads the colour the same way into a stack buffer.
 * argc/argv are unused; under C99 main may fall off the end (returns 0).
 */
int main(int argc, char **argv)
{
setvbuf(stdout, NULL, _IONBF, 0);
printf("Please enter your name:");
gets(global);
vulnerable_function();
}