From a6908f8957d502893cfcd641d0de0bd2ea0145c2 Mon Sep 17 00:00:00 2001 From: Navan Chauhan Date: Mon, 23 Oct 2023 16:17:48 -0600 Subject: Update attack lab --- docs/posts/2023-10-05-attack-lab.html | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'docs/posts') diff --git a/docs/posts/2023-10-05-attack-lab.html b/docs/posts/2023-10-05-attack-lab.html index 25c5607..db0324a 100644 --- a/docs/posts/2023-10-05-attack-lab.html +++ b/docs/posts/2023-10-05-attack-lab.html @@ -78,7 +78,9 @@

We can see that 0x18 (hex) or 24 (decimal) bytes of buffer is allocated to getbuf (Since, 24 bytes are being subtracted from the stack pointer).

-

Now, since we know the buffer size we can try passing the address of the touch1 function.

+

Buffer Overflow: A buffer overrun happens when the size of the data exceeds the memory size reserved for the buffer we are storing in our value.

+ +

Now, since we know the buffer size we can try passing the address of the touch1 function after we pad it up with the buffer size.

jxxxan@jupyter-xxxxxx8:~/lab3-attacklab-xxxxxxxxuhan/target66$ cat dis.txt | grep touch1
@@ -397,6 +399,13 @@ NICE JOB!
   Attack Lab Handout

+
+

What is ROP Attack? +

+ is a computer security exploit technique in which the attacker uses control of the call stack to indirectly execute cherry-picked machine instructions + https://resources.infosecinstitute.com

+
+

Let us check if we can find popq %rdi between start_farm and end_farm

The way a normal person would find the hex representation 58 to be between start_farm and end_farm is to find the line numbers for both and -- cgit v1.2.3