This shows you the differences between two versions of the page.
|
cns:labs:lab-03 [2022/10/24 12:08] mihai.dumitru2201 [2. Overflow a Pointer] |
cns:labs:lab-03 [2022/10/24 19:05] (current) mihai.dumitru2201 [2. Overflow a Pointer] |
||
|---|---|---|---|
| Line 186: | Line 186: | ||
| We now see that we've overwritten three bytes of the ''f_ptr'' function pointer that we jump to: ''0x00'' (the NUL byte), ''0x0a'' (the newline), and ''0x41'' (one of the 41 ''A'' characters we've written). | We now see that we've overwritten three bytes of the ''f_ptr'' function pointer that we jump to: ''0x00'' (the NUL byte), ''0x0a'' (the newline), and ''0x41'' (one of the 41 ''A'' characters we've written). | ||
| - | Let's see how we could write some random hex data. Let's overwrite the ''dumb_number'' value with ''0x87654321'', that is the reverse of how it currently is. We will write ''32'' bytes of ''A'' and another eight properly arranged bytes to overwrite the ''dumb_number'' variable:<code> | + | Let's see how we could write some random hex data. Let's overwrite the ''dumb_number'' value with ''0x87654321'', that is the reverse of how it currently is. We will write ''32'' bytes of ''A'' and another eight properly arranged bytes to overwrite the ''dumb_number'' variable: |
| - | $ python -c 'import sys; sys.stdout.buffer.write(32*b"A" + b"\x00\x00\x00\x00\x21\x43\x65\x87")' | ./overflow_ptr | + | <code> |
| + | |||
| + | $ python -c 'import sys; sys.stdout.buffer.write(32*b"A" + b"\x21\x43\x65\x87\x00\x00\x00\x00")' | ./overflow_ptr | ||
| Provide buffer input: Dumb number value is 0x87654321. | Provide buffer input: Dumb number value is 0x87654321. | ||
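Review bot: The corrected payload on the ''python -c'' line now puts ''\x21\x43\x65\x87'' before the four ''\x00'' bytes, but the sentence above it still only says "eight properly arranged bytes", so a reader cannot tell why this order is the right one or why the previous order was wrong. Suggest stating the reason in the text: the value is stored little-endian, so the least significant byte ''0x21'' is written first, and the text should say what the trailing four zero bytes cover. "Random hex data" would also read better as "arbitrary hex data", since the value is chosen deliberately. Separately, ''sys.stdout.buffer'' exists only in Python 3, so invoking ''python3'' instead of ''python'' keeps the command from failing on systems where ''python'' still resolves to Python 2.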