Question
Closed this issue · 3 comments
Hey Justin,
Thanks for creating this amazing tutorial. I learned a lot!
I am trying to write the assembly instruction "sub esp,0x10" using the metasm_shell.rb you suggested but one of the hex numbers it outputs is a badchar for the binary. How can I replace the hex or how could I go around it?
I am trying to use a different opcode than 0x83.
Thank you!
Thanks for your kind words
Before I respond, may I ask whether this is for an exam? I'm relying on your honesty here but I obviously can't help with any exams.
No worries, I am just trying to build a Python3 script.
You can check it out here: https://github.com/crake7/Buffer_Overflow_Made_Easy/blob/master/Exploit/shellcode.py
I'd like to use the sub_esp function you developed in your tutorial instead. I'd be happy to quote your tutorial since I applied some knowledge from it!
I am just trying to build a Python3 script
Ah cool
I'd be happy to quote your tutorial since I applied some knowledge from it
Thank you, greetz aren't needed but are always appreciated
How can I replace the hex or how could I go around it?
You "just" need to write different code that achieves the same thing (Modifying esp so that the GetPC routine doesn't destroy your shellcode).
sub esp,eax (Subtract eax from esp) assembles to \x29\xc4. Can you load a suitable value into eax and then do sub esp,eax while avoiding your badchars?
I have a solution that avoids \x00\x23\x3c\x83\xba (taken from your shellcode.py) and also avoids \x0d\x0a for good measure. I haven't tested it, but I think it'll work. It's an exercise that's worth doing yourself. If you get stuck let me know, and if you share with me your solution I'll happily share mine.
I'll close this issue to keep things tidy, feel free to reopen it if you want to chat more.
Good luck!
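Added example, not code from either participant: a small check that scans candidate instruction encodings against the bad-character list quoted in the thread (\x00\x23\x3c\x83\xba, plus \x0d\x0a). It shows why the metasm output for sub esp,0x10 is rejected (its 0x83 opcode byte) while the sub esp,eax encoding \x29\xc4 passes; the candidate names and the helper functions are assumptions of this example.

```python
# Added example (not from the thread): flag bytes in a candidate encoding
# that appear in the bad-character list, so a sequence can be vetted
# before it is placed in a buffer.

# Bad characters named in the thread (from shellcode.py) plus \r\n.
BADCHARS = bytes.fromhex("00233c83ba") + b"\x0d\x0a"

# Constructed candidates: the two encodings discussed in the thread.
CANDIDATES = {
    "sub esp,0x10 (83 ec 10)": b"\x83\xec\x10",  # 0x83 is in BADCHARS
    "sub esp,eax  (29 c4)": b"\x29\xc4",         # alternative from the reply
}


def find_badchars(code: bytes, badchars: bytes = BADCHARS) -> list:
    """Return (offset, byte) pairs for every forbidden byte in `code`."""
    return [(i, b) for i, b in enumerate(code) if b in badchars]


def is_clean(code: bytes, badchars: bytes = BADCHARS) -> bool:
    """True when `code` contains none of the bad characters."""
    return not find_badchars(code, badchars)


def report(candidates: dict = CANDIDATES, badchars: bytes = BADCHARS) -> dict:
    """Map each candidate name to the list of offending (offset, byte) pairs."""
    return {name: find_badchars(code, badchars) for name, code in candidates.items()}


if __name__ == "__main__":
    for name, hits in report().items():
        if hits:
            detail = ", ".join(f"0x{b:02x} at offset {i}" for i, b in hits)
            print(f"{name}: BAD ({detail})")
        else:
            print(f"{name}: clean")
```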