peda | |
parancslista | |
help parancs | |
telescope $cim | |
memoria kiirasa, pointerek kovetese | |
start | |
program elinditasa | |
b *cim, b symbol | |
breakpoint, a debugger megallitja a program futasat ezekre a pontokra erve | |
continue | |
program folytatasa | |
step | |
step into, fuggvenyhivasok kovetese, debug informaciok mellett forraskod soronkent lepked | |
stepi | |
step into, fuggvenyhivasok kovetese, assembly utasitasonkent lepked | |
next/nexti | |
step over, fuggvenyhivasok atlepese | |
vmmap | |
virtualis cimter | |
pdisass main | |
fuggveny vagy cim visszafejtese assemblyre |
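# Builds the two practice binaries on this page: stack4 and stack_ret2libc.
#
# Lab build only: CFLAGS switches off _FORTIFY_SOURCE and the stack protector
# (presumably so the overflow exercises behave as written) and keeps frame
# pointers and gdb debug info. Do not reuse these flags for production code.

STACK4 = stack4
STACK4_OBJECTS = stack4.o

RET2LIBC = stack_ret2libc
RET2LIBC_OBJECTS = stack_ret2libc.o

CC = gcc
CFLAGS = -D_FORTIFY_SOURCE=0 -fno-omit-frame-pointer -fno-stack-protector -std=c99 -Wall -ggdb

# 32 and asan are command names, not files, so they are declared phony as well;
# otherwise a stray file called "32" or "asan" would silently disable them.
.PHONY: all clean 32 asan

all: $(STACK4) $(RET2LIBC)

# 32-bit variant of both binaries.
32: CFLAGS += -m32
32: LDFLAGS += -m32
32: $(STACK4) $(RET2LIBC)

# AddressSanitizer variant: the out-of-bounds write is reported when it
# happens, which is a quick way to confirm the bug from the defensive side.
# LDFLAGS is appended to (not overwritten) so flags from the environment
# survive, matching the 32 target.
asan: CFLAGS += -fsanitize=address
asan: LDFLAGS += -fsanitize=address
asan: $(STACK4) $(RET2LIBC)

# The object files are shared between variants; run "make clean" before
# switching between all, 32 and asan so they are rebuilt with the new flags.
clean:
	rm -f $(STACK4) $(RET2LIBC) $(STACK4_OBJECTS) $(RET2LIBC_OBJECTS)

$(STACK4): $(STACK4_OBJECTS)
	$(CC) $(LDFLAGS) $^ -o $@

$(RET2LIBC): $(RET2LIBC_OBJECTS)
	$(CC) $(LDFLAGS) $^ -o $@

# NOTE(review): this pattern matches .cpp sources and HEADERS is not defined
# in this file (it expands to nothing). If the sources are .c files, as
# "CC = gcc" and -std=c99 suggest, make falls back to its built-in %.c rule
# and this recipe is never used -- confirm the intended suffix.
%.o: %.cpp $(HEADERS)
	$(CC) $(CFLAGS) -c $< -o $@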
#!/usr/bin/env python2 | |
from pwn import * | |
# Skeleton pwntools driver for the ./stack_ret2libc practice binary.
# It only answers the two prompts with placeholder strings and then hands
# the session over to the terminal; no payload is built here.
TARGET = './stack_ret2libc'

binary = ELF(TARGET)    # parsed ELF; not used further in this skeleton
proc = process(TARGET)  # start the target as a local child process
sleep(1)                # short pause; presumably leaves time to attach a debugger -- confirm

# sendlineafter(delim, data) waits until delim has been received, then sends
# data plus a newline. Many variants exist, e.g. send and sendafter.
for reply in ('tukan', 'khaki'):
    print proc.sendlineafter(':', reply)

# If a shell was obtained, this is how to interact with it.
proc.interactive()
#include <stdlib.h> | |
#include <unistd.h> | |
#include <stdio.h> | |
#include <string.h> | |
/*
 * Prints a fixed success message.
 *
 * Nothing in this file calls win(); seeing the message therefore means that
 * control flow was diverted away from the normal path through main().
 */
void win(void)
{
    fputs("code flow successfully changed\n", stdout);
}
/*
 * Reads one line from stdin into a 64-byte stack buffer and exits.
 *
 * gets() takes no length argument, so any line longer than 63 bytes is
 * written past the end of the buffer. That is the deliberate flaw of this
 * practice target; code meant for real use would call
 * fgets(line, sizeof line, stdin) instead.
 */
int main(int argc, char **argv)
{
    char line[64];

    gets(line);   /* unbounded read: the intended bug */
    return 0;     /* same result as falling off the end of main in C99 */
}
#!/usr/bin/env python2 | |
from pwn import * | |
# Handy pwntools helpers:
#   p32(0x1):    roughly the equivalent of Python's struct.pack
#   cyclic(len): generates a cyclic pattern, which makes it easier to tell
#                which part of our buffer reaches the critical locations
TARGET = './stack4'

binary = ELF(TARGET)    # parse the binary so symbol and section addresses can be looked up
proc = process(TARGET)  # start the process; all further communication goes through proc
sleep(1)                # pause so that peda's "waitfor -c" command can find the process

win_addr = binary.symbols['win']  # address of the win function
print hex(win_addr)

proc.sendline('OK GOOGLE')  # placeholder input line, not a crafted payload
print proc.recvrepeat(1)    # collect output until a 1-second timeout or EOF
#include <stdlib.h> | |
#include <unistd.h> | |
#include <stdio.h> | |
#include <string.h> | |
/* 64-byte global buffer; main() fills it with gets(), which does not
 * enforce this size. */
char global[64];
/*
 * Runs "ls" through the shell via system().
 *
 * Not called from anywhere in this file. Note for reviewers: system() with a
 * bare command name resolves it through PATH, so the program that actually
 * runs depends on the caller's environment.
 */
void innocent_function(void)
{
    system("ls");
}
/*
 * Prompts for a colour and reads the answer into a 64-byte stack buffer.
 *
 * gets() has no bound, so an answer longer than 63 bytes overruns the
 * buffer. This is the intended flaw of the exercise; the bounded
 * replacement is fgets(answer, sizeof answer, stdin).
 */
void vulnerable_function(void)
{
    char answer[64];

    printf("Please enter your favorite color:");
    gets(answer);   /* unbounded read: the intended bug */
}
/*
 * Entry point: asks for a name, stores it in the global buffer, then calls
 * vulnerable_function() for the second prompt.
 */
int main(int argc, char **argv)
{
    /* Unbuffered stdout, so each prompt is written out immediately. */
    setvbuf(stdout, NULL, _IONBF, 0);

    printf("Please enter your name:");
    gets(global);   /* also unbounded: global holds only 64 bytes */

    vulnerable_function();
    return 0;       /* same result as falling off the end of main in C99 */
}