Exploit the following code testuser@kali:~$ cat vuln1.c #include #include int main(int argc, char* argv[]) { unsigned int i; char buf[256]; for (i=0; i= 0x68) && ((unsigned int)argv[1][i] <= 0x6e)) { argv[1][i] = 'x'; } } strcpy(buf, argv[1]); printf("Input: %s\n", buf); return 0; } The main challenge here is to use an appropriate shellcode that will withstand the mangling of any '/bin/sh' or similar ASCII string used in the shellcode by the for loop. use MSFVENOM to encode and generate the shellcode which will withstand the mangling of the bits with the for loop. (ie. 0x68 to 0x6e) Q. Provide the command to generate the shellcode for this condition in linux and the workable shellcode
Exploit the following code
testuser@kali:~$ cat vuln1.c
#include <stdio.h>
#include <string.h>
int main(int argc, char* argv[]) {
unsigned int i;
char buf[256];
for (i=0; i<strlen(argv[1]); i++) {
if (((unsigned int)argv[1][i] >= 0x68) && ((unsigned int)argv[1][i] <= 0x6e)) {
argv[1][i] = 'x';
}
}
strcpy(buf, argv[1]);
printf("Input: %s\n", buf);
return 0;
}
The main challenge here is to use an appropriate shellcode that will withstand the mangling of any '/bin/sh' or similar ASCII string used in the shellcode by the for loop. use MSFVENOM to encode and generate the shellcode which will withstand the mangling of the bits with the for loop. (ie. 0x68 to 0x6e)
Q. Provide the command to generate the shellcode for this condition in linux and the workable shellcode
Trending now
This is a popular solution!
Step by step
Solved in 3 steps