Skip to content

Changed the first byte of the payload to resemble the parameter. #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Changed the first byte of the payload to resemble the parameter. #54

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/binary-exploitation/buffer-overflow.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ The remaining 152 bytes would continue clobbering values up the stack.

How can we use this to pass the seemingly impossible check in the original program? Well, if we carefully line up our input so that the bytes that overwrite `secret` happen to be the bytes that represent 0x1337 in little-endian, we'll see the secret message.

A small Python one-liner will work nicely: `python -c "print 'A'*100 + '\x31\x13\x00\x00'"`
A small Python one-liner will work nicely: `python -c "print 'A'*100 + '\x37\x13\x00\x00'"`

This will fill the `name` buffer with 100 'A's, then overwrite `secret` with the 32-bit little-endian encoding of 0x1337.

Expand Down