I'm trying to bof a particular exploitme on DVL by redirecting input (to gets) using run < inputfile inside gdb.
I can overflow the program successfully but am having trouble appending hex values to the string. I have tried quotations, converting the value of the mem addr to ascii and various escape attempts (\,\,\) with no luck.
Input file example: AAAA\x42
In the above example it would appear that the backslash is being read as an ascii char (5c) and the value 42 remains in the stack (oddly?).
How would one go about specifying a hex value inside a gdb input file?
Thanks
Use perl! :)
reader@hacking:~/booksrc $ ./overflow_example $(perl -e 'print "A"x30')
With the 'e' option perl will evaluate the following command, and surrounding everything will treat the output of perl as a string. So the command above is identical to:
reader@hacking:~/booksrc $ ./overflow_example AAAAAAAAAAAAAAAAAAAAAAAAA
(adding x30 after a string will repeat it 30 times).
Of course perl accepts other hex values with the notation \x??. One more word: to concatenate strings use a dot:
reader@hacking:~/booksrc $ perl -e 'print "A"x20 . "BCD" . "\x61\x66\x67\x69" ;'
AAAAAAAAAAAAAAAAAAAABCDafgi
So you can redirect the output of perl in your input file or directly call perl in gdb when you run the program.