Show page

Differences

This shows you the differences between two versions of the page.

--- cns:labs:lab-04 [2020/11/09 14:10]
razvan.deaconescu [Phase 6: Diverting control flow]
+++ cns:labs:lab-04 [2022/10/31 17:22] (current)
mihai.dumitru2201 [Tasks]
@@ Line 369: / Line 369: @@
 <code asm>
+BITS 64
     jmp string
 start:
-    pop rcx    ; pop address of `hello` variable in rcx
+    pop rsi ; pop address of `hello` variable in rsi (the 2nd syscall argument on 64 bits)
     [...]
+    syscall ; do syscall on 64 bits
 string:
     call start ; jump/trampoline back to start while storing the address of `hello` on the stack
@@ Line 378: / Line 381: @@
 </code>
-The call instruction will push the address of the next "instruction" (in this case, our string), onto the stack.
+The ''call'' instruction will push the address of the next "instruction" (in this case, our string), onto the stack.
 </note>
@@ Line 386: / Line 389: @@
 <code C>
-execve('/bin/sh', ['/bin/sh'], 0);
+execve("/bin/sh", ["/bin/sh", NULL], NULL);
 </code>
-Where //['/bin/sh']// denotes the **address** of the string '/bin/sh'.
+Where ''["/bin/sh", NULL]'' denotes the **address** of the array of two strings address: the address of the ''"/bin/sh"'' string and the ''NULL'' address.
 <note tip>
-You need to get the string '/bin/sh' on the stack. You can do this using the hack from the write challenge.
+You need to get the address of the string ''"/bin/sh"'' on the stack.
+You can do this using the hack from the write challenge.
 </note>
 <note tip>
-You can browse around shellstorm for examples; however, keep in mind that they may not work due to some registers not being set properly.
+You can browse around shellstorm for examples;
+however, keep in mind that they may not work due to some registers not being set properly.
 </note>
 ==== 3. execve with no zeros  ====

Resources

Labs

Lectures

Assignments

Extra

cns/labs/lab-04.1604923825.txt.gz · Last modified: 2020/11/09 14:10 by razvan.deaconescu

Show page Old revisions

Media Manager Back to top