This is my first attempt of buffer overflow! I’ve been very interested in binary exploits and I found this task on GCI that I can start studying buffer overflow!
First, I try different lengths to reach the return pointer, which is 264 bytes after the start of the buffer. Then, I put a nopslide in the beginning and then the 24 bytes shellcode that executes /bin/sh, and finally, overwrite the return pointer to the nopslide to slide into the shellcode!
Actually, I’ve learned a lot from this experience: Use python2, as python3’s print function have special encodings, and don’t put the shellcode too close to $rsp or it may corrupt itself
Share this recording
Link
Append ?t=30 to start the playback at 30s, ?t=3:20 to start the playback at 3m 20s.
Embed image link
Use snippets below to display a screenshot linking to this recording.
Useful in places where scripts are not allowed (e.g. in a project's README file).
HTML:
Markdown:
Embed the player
If you're embedding on your own page or on a site which permits script tags, you can use the full player widget:
Paste the above script tag where you want the player to be displayed on your page.
See embedding docs for additional options.
Download this recording
You can download this recording in asciicast v2 format, as a .cast file.
DownloadReplay in terminal
You can replay the downloaded recording in your terminal using the
asciinema play
command:
asciinema play 292237.castIf you don't have asciinema CLI installed then see installation instructions.
Use with stand-alone player on your website
Download asciinema player from
the releases page
(you only need .js
and .css
file), then use it like this:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="asciinema-player.css" />
</head>
<body>
<div id="player"></div>
<script src="asciinema-player.min.js"></script>
<script>
AsciinemaPlayer.create(
'/assets/292237.cast',
document.getElementById('player'),
{ cols: 80, rows: 24 }
);
</script>
</body>
</html>See asciinema player quick-start guide for full usage instructions.
Generate GIF from this recording
While this site doesn't offer GIF conversion at the moment, you can still do it yourself with the help of asciinema GIF generator utility - agg.
Once you have it installed run the following command to create GIF file:
agg https://asciinema.org/a/292237 292237.gifOr, if you already downloaded the recording file:
agg 292237.cast 292237.gifCheck agg --help for all available options. You can change font
family and size, select color theme, adjust speed and more.
See agg manual for full usage instructions.