Create a gist now

Instantly share code, notes, and snippets.

@andigena /Makefile Secret
Last active Oct 10, 2016

What would you like to do?
peda
parancslista
help parancs
telescope $cim
memoria kiirasa, pointerek kovetese
start
program elinditasa
b *cim, b symbol
breakpoint, a debugger megallitja a program futasat megall ezekre a pontokra erve
continue
program folytatasa
step
step into, fuggvenyhivasok kovetese, debug informaciok mellett forraskod soronkent lepked
stepi
step into, fuggvenyhivasok kovetese, assembly utasitasonkent lepked
next/nexti
step over, fuggvenyhivasok atlepese
vmmap
virtualis cimter
pdisass main
fuggveny vagy cim visszafejtese assemblyre
STACK4 = stack4
STACK4_OBJECTS = stack4.o
RET2LIBC = stack_ret2libc
RET2LIBC_OBJECTS = stack_ret2libc.o
CC = gcc
CFLAGS = -D_FORTIFY_SOURCE=0 -fno-omit-frame-pointer -fno-stack-protector -std=c99 -Wall -ggdb
.PHONY: all clean
all: $(STACK4) $(RET2LIBC)
32: CFLAGS += -m32
32: LDFLAGS += -m32
32: $(STACK4) $(RET2LIBC)
asan: CFLAGS += -fsanitize=address
asan: LDFLAGS = -fsanitize=address
asan: $(STACK4) $(RET2LIBC)
clean:
rm -f $(STACK4) $(RET2LIBC) $(STACK4_OBJECTS) $(RET2LIBC_OBJECTS)
$(STACK4): $(STACK4_OBJECTS)
$(CC) $(LDFLAGS) $^ -o $@
$(RET2LIBC): $(RET2LIBC_OBJECTS)
$(CC) $(LDFLAGS) $^ -o $@
%.o: %.cpp $(HEADERS)
$(CC) $(CFLAGS) -c $< -o $@
#!/usr/bin/env python2
from pwn import *
e = ELF('./stack_ret2libc')
p = process('./stack_ret2libc')
sleep(1)
print p.sendlineafter(':', 'tukan') # a ':' fogadasa utan elkuldi a 'tukan' stringet + egy ujsort
print p.sendlineafter(':', 'khaki') # sok variansaa van, pl. send, sendafter
p.interactive() # ha sikerult shellt szerezni akkor igy interaktolhatunk vele
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
void win()
{
printf("code flow successfully changed\n");
}
int main(int argc, char **argv)
{
char buffer[64];
gets(buffer);
}
#!/usr/bin/env python2
from pwn import *
# Hasznos lehet:
# p32(0x1): nagyjabol a python struct.pack fuggvenyenek felel meg
# cyclic(len): ciklikus mintat general, amibol konnyebb megallapitani a bufferunk melyik resze er el kritikus pontokat
e = ELF('./stack4') # beolvassa a binarist, elerhetjuk a szimbolumok es sectionok cimeit
p = process('./stack4') # elinditja a processt, ezutan p-n keresztul kommunikalhatunk vele
sleep(1) # hogy a peda waitfor -c parancsa megtalalja
print hex(e.symbols['win']) # a win fv. cime
p.sendline('OK GOOGLE')
print p.recvrepeat(1)
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
char global[64];
void innocent_function()
{
system("ls");
}
void vulnerable_function()
{
char local[64];
printf("Please enter your favorite color:");
gets(local);
}
int main(int argc, char **argv)
{
setvbuf(stdout, NULL, _IONBF, 0);
printf("Please enter your name:");
gets(global);
vulnerable_function();
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment