Binary exploitation
If you can download the app from its site, you can analyze it on Kali.
Tool: Ghidra
New Project > Non-Shared Project > set a project name > Tool Chest (dragon icon) > import the file.
And analyze!
Look into Functions > main and see what it does:
local_128
gets(local_78)
puts(local_78)
gets and puts are vulnerable: gets has no bound on how much it writes into local_78, so a longer line overflows the buffer.
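The bounded counterpart of the gets() call above, as an added example that is not code from the page or from the analysed binary: it stores at most the buffer's capacity, reports when a line was cut, and discards the overflow bytes instead of writing them past the buffer. NAME_CAP, the 112-byte size and the "bob" line are constructed assumptions chosen to match the probe length used later on this page.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 112 /* constructed: 112-byte buffer, same length as the "A" probe */

/* Bounded replacement for gets(): stores at most cap-1 bytes plus NUL in dst,
 * strips the newline, and drains the rest of an over-long line so leftover
 * bytes are not misread as the next input. Returns bytes stored, or -1 on
 * EOF/error; *truncated is set to 1 when the line did not fit. */
long read_line_bounded(char *dst, size_t cap, FILE *in, int *truncated) {
    *truncated = 0;
    if (cap == 0 || fgets(dst, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[--len] = '\0';        /* whole line fit, newline included */
        return (long)len;
    }
    if (len == cap - 1) {         /* buffer full, no newline: the line was longer */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            *truncated = 1;       /* overflow bytes are consumed, never stored */
    }
    return (long)len;
}

/* Push a constructed stdin-like stream through the reader line by line.
 * tmpfile() is standard C and stands in for the program's stdin. */
int demo_stream(const char *input, long *lens, int *truncs, int max_lines) {
    FILE *f = tmpfile();
    if (f == NULL) return -1;
    fputs(input, f);
    rewind(f);
    char buf[NAME_CAP];
    int n = 0;
    while (n < max_lines &&
           (lens[n] = read_line_bounded(buf, sizeof buf, f, &truncs[n])) >= 0)
        n++;
    fclose(f);
    return n;
}

/* Constructed input: the 112-byte "A" probe, then an ordinary name on the next line. */
int run_demo(long *lens, int *truncs) {
    char input[NAME_CAP + 16];
    memset(input, 'A', NAME_CAP);
    strcpy(input + NAME_CAP, "\nbob\n");
    return demo_stream(input, lens, truncs, 4);
}
```

With the 112-byte probe the reader keeps 111 bytes, flags truncation, and still reads "bob" cleanly on the next call.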
Try to run the app.
Make it executable with chmod +x.
gdb ./myapp
Download gef (the gdb plugin).
python3 -c 'print("A"*112)' (copy the output and paste it into the app's input to test for the BOF)
Does it make the app crash?
Run it with the "r" command.
Look at the registers with "registers".
You can search for the pattern with
Create another pattern with
To see exactly where the B's end up
From Ghidra, copy the memory address of the main function.
Create a simple exploit.py
- finding the system address