path: root/CamilStaps-s4498062-Assignment-4/ex1/exploit/README
author: Camil Staps, 2015-12-09 13:23:26 +0000
committer: Camil Staps, 2015-12-09 13:23:26 +0000
commit: 78e74ea02fd52962290e2a1b816a90d9b9514a82
tree: fa213fd71f72c6de405556e62551942f0e3f7a68 /CamilStaps-s4498062-Assignment-4/ex1/exploit/README
parent: Assignment 2, 3
Assignment 4
Diffstat (limited to 'CamilStaps-s4498062-Assignment-4/ex1/exploit/README')
-rw-r--r-- CamilStaps-s4498062-Assignment-4/ex1/exploit/README | 18
1 files changed, 18 insertions, 0 deletions
diff --git a/CamilStaps-s4498062-Assignment-4/ex1/exploit/README b/CamilStaps-s4498062-Assignment-4/ex1/exploit/README
new file mode 100644
index 0000000..9e055de
--- /dev/null
+++ b/CamilStaps-s4498062-Assignment-4/ex1/exploit/README
@@ -0,0 +1,18 @@
+Usage: ./exploit.sh | nc hackme.cs.ru.nl 2288
+
+You start with control over input. Send EOF (ctrl+D) to send the exploit. Input control
+is then returned to you. Note that the shell will not echo a prompt. Just try some commands.
+
+If the exploit does not function out of the box, use the initial control to send format
+string (50 times %p). Get the desired return address from this (it's the 8 bytes before the
+stored frame pointer, 16 bytes before the current return address, in "int ret", right behind
+the buffer now recognizable by the run of 0x7025702570257025). Change the return address
+in genretaddr.sh. Run genexploit.sh to generate the new exploit. Note that the return address
+tends to drift, even with ASLR turned off. See genretaddr.sh for details.
+
+If the shellcode must be altered, do so in genshellcode.sh. If this also means the padding
+must be altered, change the number of NOPs in genexploit.sh (the first loop). If necessary,
+also alter the number of copies of the return address in genexploit.sh (the second loop).
+
+If you need more than a single try in one session (e.g. when ASLR is turned on), change
+exploit.sh to use the commented loop instead of `cat - exploit -`.