Lab 14 Exploiting - Test - Exe
If they are not found on your virtual machine, all of the files below can be found here
(password = infected).
Test.exe Application
Starting python template (exploit1.py)
Shellcode to be used (will be explained later)
Test.c code and how to compile it
Use the code below to start with (SIZE = the value you find during debugging).
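import subprocess  # kept from the original template; unused in this snippet
SIZE = 0  # placeholder: replace with the value you find during debugging
buf = "A" * SIZE
print("Buffer: %s Buffer length: %d" % (buf, len(buf)))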
Deliverable #2: Could you see any “A”s in any of the registers? Where? Explain your findings
with screenshots.
Deliverable #3: Adjust the payload you send the application to show 4 “B”s in EIP. Provide a
screenshot for proof.
Deliverable #5: Do you have an idea why we cannot use any of those marked in RED?
Deliverable #6: Adjust your code so this time you stop on the jump address. Provide proof of
that.
Add the shellcode found at the beginning of this lab document to your code and make the proper
adjustments to proceed. Do not worry about how this code was generated; we will come to
that, plus many others, later. For now we want to complete our PoC.
One thing I would recommend before running your code is to add some No Operation (0x90)
instructions before the buffer holding the payload is reached. Sometimes this is best for
alignment purposes and to make sure we jump into the right landing zone to run our injected
code.
Deliverable #7: Provide proof of running the calculator from within the debugger and even
without a debugger with the final exploit code used.