This time we try to exploit Linux. First, ASLR must be turned off.
After that, create the C script.
Load it in a debugger and try to trigger the buffer overflow
by running the Python one-liner inside gdb: (gdb) run $(python -c 'print "\x41" * 600')
After that, turn off SSP (the stack-smashing protector)
and check whether the EIP register reads 41414141 yet.
After that, find the address of ESP.
List the script source and set a breakpoint.
Once the ESP address at the breakpoint is known, subtract 200 (as a hex value) from ESP, which gives 0xbffff16c - 200 = 0xbfffef6c; a calculator makes this easy.
The result of the subtraction is as follows.
After we have the reduced ESP address, the next step is to find the payload: the script from Exploit-DB. Then compile the file.
Copy the payload into the Python script.
EIP gets overwritten with the right address, but execution stops... let's see
what we can find at that address.
EIP remains at 0x00000000, so change the exploit as below.
It still cannot be exploited; raise the number of NOPs from 370 to 371 and run again.
Finally the exploit works and we get root. Try typing "dir".
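As an added illustration (not the C script from the original post, whose buffer size and names are not shown), here is the unbounded strcpy() pattern that produces the 0x41414141 EIP seen above, beside a bounded copy that refuses the 600-byte probe; BUF_SIZE and all function names are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Constructed example; BUF_SIZE and all names are assumptions. */
#define BUF_SIZE 500   /* assumed: the post's 600 "A"s would overrun it */

/* The pattern the walkthrough exploits: strcpy() stops only at the NUL, so
 * input longer than BUF_SIZE overwrites the saved EBP and the saved return
 * address (why gdb shows EIP = 0x41414141). Shown for contrast and never
 * called with oversized input here; building with -fstack-protector (the
 * SSP the post disables) adds a canary that aborts before the return. */
void vulnerable_copy(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);            /* no bounds check: stack smashing */
}

/* Hardened form: reject input that does not fit (plus its terminator)
 * instead of truncating silently. Returns 0 on success, -1 on rejection. */
int bounded_copy(char *dst, size_t dst_size, const char *input)
{
    size_t len = strlen(input);
    if (dst_size == 0 || len >= dst_size)   /* leave room for the NUL */
        return -1;
    memcpy(dst, input, len + 1);
    return 0;
}

/* Length-only pre-check a caller can run before any copy: 1 fits, 0 not. */
int input_fits(size_t buf_size, size_t input_len)
{
    return buf_size != 0 && input_len < buf_size;
}

/* Same shape as vulnerable_copy(), but with the bounds check in place. */
int safe_copy(const char *input)
{
    char buf[BUF_SIZE];
    return bounded_copy(buf, sizeof buf, input);
}

/* Replays the post's probe (600 x "A") against the hardened copy. */
int probe_600_a_rejected(void)
{
    char probe[601];
    memset(probe, 'A', 600);
    probe[600] = '\0';
    return safe_copy(probe) == -1;   /* 1: refused instead of smashing */
}
```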