...
```
gdb-peda$ r
Starting program: /home/lazenca0x0/Exploit/shellcode/poc
gdb-peda$ r
Starting program: /home/lazenca0x0/Exploit/shellcode/test
Breakpoint 1, 0x0000000000400566 in vuln ()
gdb-peda$ i r rsp
rsp 0x7fffffffe448 0x7fffffffe448
gdb-peda$ x/gx 0x7fffffffe448
0x7fffffffe448: 0x00000000004005ab
gdb-peda$ disassemble main
Dump of assembler code for function main:
0x000000000040059d <+0>: push rbp
0x000000000040059e <+1>: mov rbp,rsp
0x00000000004005a1 <+4>: mov eax,0x0
0x00000000004005a6 <+9>: call 0x400566 <vuln>
0x00000000004005ab <+14>: nop
0x00000000004005ac <+15>: pop rbp
0x00000000004005ad <+16>: ret
End of assembler dump.
gdb-peda$
```
...
```
gdb-peda$ c
Continuing.
buf[50] address : 0x7fffffffe400
Breakpoint 2, 0x0000000000400595 in vuln ()
gdb-peda$ i r rsi
rsi 0x7fffffffe400 0x7fffffffe400
gdb-peda$ p/d 0x7fffffffe448 - 0x7fffffffe400
$1 = 72
gdb-peda$ ni
AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFFGGGGGGGGHHHHHHHHIIIIIIIIJJJJJJJJKKKKKKKK
gdb-peda$ x/10gx 0x7fffffffe400
0x7fffffffe400: 0x4141414141414141 0x4242424242424242
0x7fffffffe410: 0x4343434343434343 0x4444444444444444
0x7fffffffe420: 0x4545454545454545 0x4646464646464646
0x7fffffffe430: 0x4747474747474747 0x4848484848484848
0x7fffffffe440: 0x4949494949494949 0x4a4a4a4a4a4a4a4a
gdb-peda$
```
...