Austin Howard fgsahoward
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM base/archlinux:latest AS base | |
| RUN pacman -Sy --noconfirm binutils perl python libxcb clang emscripten git make cmake qbs | |
| ENV PATH="/usr/lib/emscripten:${PATH}" | |
| FROM base AS repos-configured | |
| COPY ./configure-qt5-repos.sh ./ | |
| RUN ./configure-qt5-repos.sh | |
| FROM repos-configured AS repos-built |
fgsahoward
/ function_prolog.s
Created
June 11, 2018 14:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| foo: | |
| # Begin function prolog | |
| push %ebp | |
| mov %esp, %ebp | |
| # End function prolog | |
| .... |
fgsahoward
/ function_epilog.s
Created
June 11, 2018 14:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| pop %ebp | |
| ret |
fgsahoward
/ function_call_stack_layout
Created
June 11, 2018 14:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Before call to Function1: | |
| Register Value on stack Memory Address Notes | |
| ----------------------- | |
| | saved %eip | 0xbfffffd0 | |
| ----------------------- ---- | |
| %ebp -> | saved %ebp | 0xbfffffcc | | |
| ----------------------- | Main's stack frame | |
| | local variables | 0xbfffffc8 | |
fgsahoward
/ easy.c
Created
June 11, 2018 14:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** Easily exploitable Buffer Overflow for learning purposes | |
| * | |
| * Compilation: | |
| * gcc -fno-stack-protector -z execstack -m32 -o easy easy.c | |
| **/ | |
| #include <string.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> |
fgsahoward
/ gdb_easy_disas_main
Created
June 11, 2018 14:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ gdb -q ./easy | |
| (gdb) disas main | |
| Dump of assembler code for function main: | |
| 0x0804843a <main+0>: lea 0x4(%esp),%ecx | |
| 0x0804843e <main+4>: and $0xfffffff0,%esp | |
| 0x08048441 <main+7>: pushl -0x4(%ecx) | |
| 0x08048444 <main+10>: push %ebp | |
| 0x08048445 <main+11>: mov %esp,%ebp | |
| 0x08048447 <main+13>: push %ecx | |
| 0x08048448 <main+14>: sub $0x14,%esp |
fgsahoward
/ gdb_easy_disas_vulnerable
Created
June 11, 2018 14:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (gdb) disas vulnerable | |
| Dump of assembler code for function vulnerable: | |
| 0x08048404 <vulnerable+0>: push %ebp | |
| 0x08048405 <vulnerable+1>: mov %esp,%ebp | |
| 0x08048407 <vulnerable+3>: sub $0x408,%esp | |
| 0x0804840d <vulnerable+9>: mov 0x8(%ebp),%eax | |
| 0x08048410 <vulnerable+12>: mov %eax,0x4(%esp) | |
| 0x08048414 <vulnerable+16>: lea -0x400(%ebp),%eax | |
| 0x0804841a <vulnerable+22>: mov %eax,(%esp) | |
| 0x0804841d <vulnerable+25>: call 0x8048320 <strcpy@plt> |
fgsahoward
/ gdb_easy_breakpoint1
Created
June 11, 2018 14:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (gdb) b *main+54 | |
| Breakpoint 1 at 0x8048470 | |
| (gdb) run hello | |
| Starting program: /tmp/easy/easy hello | |
| Breakpoint 1, 0x08048470 in main () | |
| Current language: auto; currently asm |
fgsahoward
/ gdb_easy_stack_examination1
Created
June 11, 2018 14:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (gdb) info reg | |
| eax 0xbfffda82 -1073751422 | |
| ecx 0xbfffd8f0 -1073751824 | |
| edx 0xbfffd8f0 -1073751824 | |
| ebx 0x26eff4 2551796 | |
| esp 0xbfffd8c0 0xbfffd8c0 | |
| ebp 0xbfffd8d8 0xbfffd8d8 | |
| esi 0x8048490 134513808 | |
| edi 0x8048350 134513488 | |
| eip 0x8048470 0x8048470 <main+54> |
fgsahoward
/ gdb_easy_stack_examination2
Created
June 11, 2018 14:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (gdb) x/xw $esp | |
| 0xbfffd8bc: 0x08048475 | |
| (gdb) si | |
| 0x08048405 in vulnerable () | |
| (gdb) | |
| 0x08048407 in vulnerable () | |
| (gdb) i r | |
| eax 0xbfffda82 -1073751422 | |
| ecx 0xbfffd8f0 -1073751824 | |
| edx 0xbfffd8f0 -1073751824 |
OlderNewer