exploit-exercises | Mirror for exploit-exercises.com
kandi X-RAY | exploit-exercises Summary
Mirror for exploit-exercises.com
Community Discussions
Trending Discussions on exploit-exercises
QUESTION
So I am doing the protostar challenges from exploit exercises and I'm completely stumped. Protostar runs on a virtual machine emulating an i686 processor.
...ANSWER
Answered 2020-Aug-26 at 07:39
When piping or routing input into the program then stdin basically ceases to exist when the providing source is at the end of its output or terminates. Therefore you don't get a shell.
Disassemble main didn't work anymore at the instances with that behavior because the program being loaded by gdb no longer is stack6 but /bin/sh. Executing Run again would execute /bin/sh.
I have no idea why the program segfaulted when the piped input ran out. But with the file the interrupt 80 did not segfault and afterwards it ran interrupt 80 with eax = 1 calling exit(ebx), leading to normal termination.
To execute the exploit, you need shell code that doesn't need stdin input, such as a metasploit reverse tcp bind shell or you need to provide continuous input after the exploit was executed. For example like this:
QUESTION
I want to do the Protostar exploit exercises in https://exploit-exercises.lains.space/
I wanted to install the Python 3 version and to do that I need to run the sudo apt-get update command. But it seems like it fails and the problem is with the dns. But unfortunately I can't fix it.
This is the output when I run the command.
...ANSWER
Answered 2020-Apr-14 at 09:04
So, to solve this and download Python 3.6 on Protostar:
(apparently there was no internet connection on the host because of the Host-only adapter in VirtualBox)
I downloaded Python using wget:
wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz
Then I transferred it using scp (ssh) (you can move it to /tmp and then to /usr/sbin if it says no permission):
scp Python-3.6.9.tgz root@192.168.56.102:/usr/sbin
Exported and installed Python
QUESTION
I am trying to do the ProtoStar stack5 challenge. I know the solution (following a write up), but I am trying to come up with a different approach.
Here is the source code for the program we are trying to execute shellcode on:
...ANSWER
Answered 2020-Mar-30 at 00:13
So I ended up posting this issue on LiveOverflow's subreddit and I was pointed towards the direction of this video by LiveOverflow.
The video will explain it much better than me, but essentially, python2 and python3 do not print hex into ascii the same. Python3 inserts extra characters, while python2 prints the raw hex string.
I strongly encourage you to watch the video, as it explains it in depth.
This answer from another question here on SO answered by @dsh also explains it:
The byte-sequence C3 BE is the UTF-8 encoded representation of the character U+00FE.
Python 2 handles strings as a sequence of bytes rather than characters. So '\xfe' is a str object containing one byte.
In Python 3, strings are sequences of (Unicode) characters. So the code '\xfe' is a string containing one character. When you print the string, it must be encoded to bytes. Since your environment chose a default encoding of UTF-8, it was encoded accordingly.
How to solve this depends on your data. Is it bytes or characters? If bytes, then change the code to tell the interpreter: print(b'\xfe'). If it is characters, but you wanted a different encoding then encode the string accordingly: print( '\xfe'.encode('latin1') ).
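The difference described in the answer above, as an added example that is not part of the original posts: it captures the bytes that print() emits for a str under a given output encoding and lists which characters stop being a single identical byte. SAMPLE and the helper names are constructed for illustration.

```python
import io

# Constructed sample: four byte values written as a str literal, the way a
# Python 2 script would write them. Two are below 0x80, two are above.
SAMPLE = "\x41\x7f\x80\xfe"


def printed_bytes(text, encoding):
    """Return the bytes print(text, end='') sends to a stream using `encoding`."""
    raw = io.BytesIO()
    stream = io.TextIOWrapper(raw, encoding=encoding, newline="")
    print(text, end="", file=stream)
    stream.flush()
    return raw.getvalue()


def expansion_report(text, encoding="utf-8"):
    """List (index, code point, encoded bytes) for every character that does
    not come out as one byte equal to its code point."""
    report = []
    for i, ch in enumerate(text):
        out = ch.encode(encoding)
        if len(out) != 1 or out[0] != ord(ch):
            report.append((i, ord(ch), out))
    return report


if __name__ == "__main__":
    # Same str, two output encodings: UTF-8 expands 0x80 and 0xFE,
    # latin1 maps code points 0..255 to the same byte values.
    for enc in ("utf-8", "latin1"):
        print(f"{enc:8} {printed_bytes(SAMPLE, enc).hex(' ')}")
    # A bytes literal is already bytes; no encoding step is involved.
    print(f"{'bytes':8} {bytes([0x41, 0x7f, 0x80, 0xfe]).hex(' ')}")
    for idx, cp, out in expansion_report(SAMPLE):
        print(f"index {idx}: U+{cp:04X} -> {out.hex(' ')}")
```

Characters below U+0080 pass through UTF-8 unchanged, which is why the mismatch only shows up once a value of 0x80 or above is printed.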
QUESTION
Hey, I'm currently doing ProtoStar-Stack5 http://exploit-exercises.lains.space/protostar/stack5/ with following c-code:
...ANSWER
Answered 2020-Jan-19 at 12:01
You are executing code from the stack, and then pushing new values to the stack - that's why the push is in fact overwriting your shellcode.
QUESTION
I was using python to solve the protostar challenges from exploit-exercises. And I was surprised by the different output for this code with python 3.
...ANSWER
Answered 2018-Feb-12 at 20:27
It's coming from encoding the character as UTF-8.
QUESTION
I am trying to solve Protostar stack5. Here is a solution. It puts the shellcode after the return address, I tried to put it before, in the array. I have tried the shellcode, it works.
It seems everything is OK, the execution jumps to the shellcode, but I get a segmentation fault after the end of the shellcode, and no shell is spawned. I do not know why; in gdb not all shellcode instructions appear properly. For example at 0xbffff690 should be mov %esp,%ecx not cwtl. Maybe this is the problem? Why is this happening?
Edit: Since the array address will be slightly different when it is started outside gdb we need a nop sled. So my approach maybe will not work because the array size is too small for this. However I still want to know why the end of the shellcode is interpreted wrongly in gdb.
ANSWER
Answered 2017-Apr-01 at 15:12
Interesting question. The answer is: you have a stack overflow in your stack overflow.
On my system, the disassembly for main is at a slightly different address:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported