Differences

This shows you the differences between two versions of the page.

sesiuni:memory:4 [2013/07/11 17:06]
laura [Categories]
sesiuni:memory:4 [2013/07/12 11:52]
rcaragea [Tools you will need]
Line 19: Line 19:
   * Your goal is to '​trick'​ the application into reading the content of that file   * Your goal is to '​trick'​ the application into reading the content of that file
   * After you obtain the password you can advance to the next level by switching to that user   * After you obtain the password you can advance to the next level by switching to that user
-  * You are initially given the password to log into randmin_01 and gatekeeper_01+  * You are initially given the password to log into randmin_01: "​1234" ​and gatekeeper_01: "​4321"​
  
 == Categories == == Categories ==
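Review bot: on the changed bullet, the two passwords are written in double quotes ("1234", "4321"), so a reader can take the quotes as part of the password; DokuWiki monospace markup around the bare values would make the literal unambiguous. Because the page now publishes working logins for randmin_01 and gatekeeper_01, please also confirm that these two accounts are valid only on the exercise machine and can reach nothing beyond the level files.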
Line 123: Line 123:
 </​code>​ </​code>​
  
-Calling ​system(char *cmd)+ 
 +For tasks randmin_04 and up: calling ​system(char *cmd)
      * Because system() takes one argument, you will have to do more than just overwrite the return address, you will need to append to your exploit pattern 4 bytes of '​JUNK'​ and 4 bytes that contain the address of char *cmd      * Because system() takes one argument, you will have to do more than just overwrite the return address, you will need to append to your exploit pattern 4 bytes of '​JUNK'​ and 4 bytes that contain the address of char *cmd
  
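Review bot: the new lead-in "For tasks randmin_04 and up: calling system(char *cmd)" scopes the hint to the randmin series only, while the page hands out logins for both randmin_01 and gatekeeper_01; say whether the gatekeeper tasks are covered, or name the first gatekeeper level the hint applies to. The line is also a sentence fragment sitting directly above an indented bullet, so it is worth checking that the bullet still renders as a list item under it and not as part of a preformatted block.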
Line 134: Line 135:
   * ulimit   * ulimit
   * checksec.sh [[http://​www.trapkit.de/​tools/​checksec.sh]]   * checksec.sh [[http://​www.trapkit.de/​tools/​checksec.sh]]
-  * aslr_brute_helper.py [[http://​swarm.cs.pub.ro/​~rcaragea/​aslr_brute_helper.py]]+  * <​del> ​aslr_brute_helper.py [[http://​swarm.cs.pub.ro/​~rcaragea/​aslr_brute_helper.py]] ​</​del>​
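Review bot: wrapping the aslr_brute_helper.py entry in del tags leaves a struck-through but still clickable link in the "Tools you will need" list, with no indication of why it was withdrawn. Either remove the bullet entirely or add a short remark next to it (for example that the helper is no longer required for these tasks), so readers do not have to guess whether they still need to download it.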
sesiuni/memory/4.txt · Last modified: 2013/07/12 15:21 by rcaragea