The answer from Jason is the correct solution. However, I wanted to give an alternative answer without Python, but from the terminal. IMO Python is always preferred for better automation, but sometimes you just wanna have a quick exploit done without extra tools.

With that in mind, one's natural attempt would be something like below:

    echo -e "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\xbe\xba\xfe\xca\x0a" | nc pwnable.kr 9000

After all, this is an exact replica of the code above in Python, right? Except, the server begs to differ:

    *** stack smashing detected ***: /home/bof/bof terminated
    overflow me :

Think about the command above, for a moment. It sends a bunch of characters to the stdin of the remote process, in the hopes of running /bin/sh. However, we still get greeted by the error. The reason for this, is that we are sending the correct payload, but then we are stopping. /bin/sh has no input, so execution continues to the next line, until the stack protector kicks in. The reason why Python works and the echo command doesn't, is continuity.