Show page

Differences

This shows you the differences between two versions of the page.

--- cns:labs:lab-07 [2021/11/23 17:00]
razvan.deaconescu [2. Information Leak]
+++ cns:labs:lab-07 [2022/11/21 14:29] (current)
mihai.dumitru2201 [Basic Format String Attack]
@@ Line 4: / Line 4: @@
 All content necessary for the CNS laboratory tasks can be found in [[cns:resources:repo|the CNS public repository]].
-Submit your flags to [[https://cns-lab-ctf21.cyberedu.ro/|the CNS CyberEDU Platform]].
 ===== Intro =====
@@ Line 39: / Line 37: @@
 We can test this using:
 <code>
-$ python -c 'print("A"*32)' | ./basic_info_leak
+$ python -c 'import sys; sys.stdout.buffer.write(b"A"*32)' | ./basic_info_leak
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA�8�
 </code>
@@ Line 45: / Line 43: @@
 In order to check the hexadecimal values of the leak, we pipe the output through ''xxd'':
 <code>
-$ python -c 'print("A"*32)' | ./basic_info_leak | xxd
+$ python -c 'import sys; sys.stdout.buffer.write(b"A"*32)' | ./basic_info_leak | xxd
 00000000: 4141 4141 4141 4141 4141 4141 4141 4141  AAAAAAAAAAAAAAAA
 00000010: 4141 4141 4141 4141 4141 4141 4141 4141  AAAAAAAAAAAAAAAA
@@ Line 308: / Line 306: @@
 After the plan is complete, write down the attack by filling the ''TODO'' lines in the ''exploit.py'' solution skeleton.
+/*
 <note tip>
 When sending your exploit to the remote server, adjust this address according to the binary running on the remote endpoint. The precompiled binary can be found in [[cns:resources:repo|the CNS public repository]].
 </note>
+*/
 After you write 0x300 chars in v, you should obtain shell
 <code>
-$ python exploit64.py
+$ python exploit.py
 [!] Could not find executable 'basic_format_string' in $PATH, using './basic_format_string' instead
 [+] Starting local process './basic_format_string': pid 20785

Resources

Labs

Lectures

Assignments

Extra

cns/labs/lab-07.1637679617.txt.gz · Last modified: 2021/11/23 17:00 by razvan.deaconescu

Show page Old revisions

Media Manager Back to top