App - System
ELF32 - Stack buffer overflow basic 1 & 2
Hi, I perform the state of the art buffer overflow and in both challenges the function pointers are properly replaced (I can see it in gdb and in 1 I get "Yeah dude ! You win !\n" displayed). However the shell doesn’t get executed for me.
Am I missing something? Again in gdb I can see a notification that a new thread was started, but system("/bin/dash") has no effect in the console and I don’t get the shell.
Any hints would be great.
Cheers
ELF32 - Stack buffer overflow basic 1 & 2
How can I do that? I tried to use Popen from Python subprocess. It closes the stdin once the command is executed. I suspect that perhaps I overlooked some sh/bash parameter...
Anyway, thanks for a suggestion.
UPDATE: I found a solution! Thanks!
ELF32 - Stack buffer overflow basic 1 & 2
No shell for me either 🙁
Any hint, please.
ELF32 - Stack buffer overflow basic 1 & 2
If you are having your payload generated by [**moderated - no spoil please**]
ELF32 - Stack buffer overflow basic 1 & 2
Hello, I’m stuck at the same point as others. /bin/dash gets executed but I don’t get a dash prompt.
I tried to reproduce the situation on my machine (same suid context, same rights, ...) and I definitely get a prompt.
From man I can read:
system() returns after the command has been completed.
Why doesn’t /bin/dash give me a prompt, and why does it end unexpectedly?
ELF32 - Stack buffer overflow basic 1 & 2
Weird bug in gdb as well: it does not accept the character "c" (yes, I’m not making this up).
app-systeme-ch13@challenge02: $ gdb
GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/> .
gdb$ show opying
Undefined show command: "opying". Try "help show".
Outside gdb, it works just peachy. But, no "set-follow-fork child" now, since "hild" obviously isn’t working.
ELF32 - Stack buffer overflow basic 1 & 2
Is this good or am I doing something wrong?
WARNING:root:could not open file '/etc/apt/sources.list.d/nodesource.list'
Sorry, command-not-found has crashed! Please file a bug report at:
https://bugs.launchpad.net/command-not-found/+filebug
Please include the following information with the report:
command-not-found version: 0.3
Python version: 3.4.3 final 0
Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty
Exception information:
'utf-8' codec can't encode character '\udc84' in position 129: surrogates not allowed
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/CommandNotFound/util.py", line 24, in crash_guard
    callback()
  File "/usr/lib/command-not-found", line 90, in main
    if not cnf.advise(args[0], options.ignore_installed) and not options.no_failure_msg:
  File "/usr/lib/python3/dist-packages/CommandNotFound/CommandNotFound.py", line 265, in advise
    packages = self.getPackages(command)
  File "/usr/lib/python3/dist-packages/CommandNotFound/CommandNotFound.py", line 157, in getPackages
    result.update([(pkg, db.component) for pkg in db.lookup(command)])
  File "/usr/lib/python3/dist-packages/CommandNotFound/CommandNotFound.py", line 85, in lookup
    result = self.db.lookup(command)
  File "/usr/lib/python3/dist-packages/CommandNotFound/CommandNotFound.py", line 41, in lookup
    key = key.encode('utf-8')
UnicodeEncodeError: 'utf-8' codec can't encode character '\udc84' in position 129: surrogates not allowed
This happens when I try to run my 'exploit'.