Differences
This shows you the differences between two versions of the page.
|
cns:labs:lab-07 [2022/11/21 13:19] mihai.dumitru2201 [1. Basic Info Leak (tutorial)] |
cns:labs:lab-07 [2022/11/21 14:29] (current) mihai.dumitru2201 [Basic Format String Attack] |
||
|---|---|---|---|
| Line 306: | Line 306: | ||
| After the plan is complete, write down the attack by filling the ''TODO'' lines in the ''exploit.py'' solution skeleton. | After the plan is complete, write down the attack by filling the ''TODO'' lines in the ''exploit.py'' solution skeleton. | ||
| + | /* | ||
| <note tip> | <note tip> | ||
| When sending your exploit to the remote server, adjust this address according to the binary running on the remote endpoint. The precompiled binary can be found in [[cns:resources:repo|the CNS public repository]]. | When sending your exploit to the remote server, adjust this address according to the binary running on the remote endpoint. The precompiled binary can be found in [[cns:resources:repo|the CNS public repository]]. | ||
| </note> | </note> | ||
| + | */ | ||
| After you write 0x300 chars in v, you should obtain shell | After you write 0x300 chars in v, you should obtain shell | ||
| <code> | <code> | ||
| - | $ python exploit64.py | + | $ python exploit.py |
| [!] Could not find executable 'basic_format_string' in $PATH, using './basic_format_string' instead | [!] Could not find executable 'basic_format_string' in $PATH, using './basic_format_string' instead | ||
| [+] Starting local process './basic_format_string': pid 20785 | [+] Starting local process './basic_format_string': pid 20785 | ||
