
How can I get this memory address in the Protostar stack5 CTF?

I found this solution for solving Protostar's CTF stack5 challenge. The solution works, but I can't figure out how, in the stack diagram section, we get the address 0xbffff800. I understand that NOPs have been added, but how do you work out how many NOPs need to be added to reach that address? Here is a link to the solution site: https://medium.com/@coturnix97/exploit-exercises-protostar-stack-5-963731ff4b71

Well

So how do we overcome this? Well, gdb isn't that far out, so we try shifting down the stack (up in address) until we get a hit; we can use jumps of up to 30 bytes, as this is the length of our NOP sled. As you may have guessed from my diagram, an address that worked for me ended up being 0xbffff800; this is what happens when we use that.

He sort of guessed it. But you can add as many NOPs as you want.

Think of it like this:

        ____________
        |    NOP   |0x0
   eip->|    NOP   |0x4
        |    NOP   |0x8
        |    NOP   |0xc
        | shellcode|0x10
        ------------

But your shellcode would still execute if you pointed eip to 0x0, 0x8, 0xc, etc. The point is, the more NOPs, generally, the better, as you have more room to do 'guess work'.
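As an added illustration (not code from the question, the answer or the linked write-up), here is a byte-level model of the layout in the diagram above: it shows why any guess that lands inside the NOP sled reaches the shellcode, why a guess that lands mid-shellcode does not, and why the sled length bounds the step size of the write-up's "shift up the stack until it hits" search. The buffer base address and the sizes are constructed for illustration, not values taken from the real stack5 binary.

```python
# Added example: model of a NOP sled in front of shellcode on the stack.
# BASE, sled length and shellcode length are constructed, not real stack5 values.

NOP_LEN = 1  # an x86 NOP (0x90) is one byte, so eip may land on ANY byte of the sled


def classify_landing(buffer_base, nop_count, shellcode_len, guess):
    """Where does a guessed return address land relative to the buffer?"""
    off = guess - buffer_base
    if off < 0:
        return "before buffer"           # executes whatever stale bytes sit there
    if off < nop_count * NOP_LEN:
        return "in NOP sled"             # slides forward into the shellcode
    if off < nop_count * NOP_LEN + shellcode_len:
        return "mid-shellcode"           # decodes from the middle, usually crashes
    return "past shellcode"


def sled_range(buffer_base, nop_count):
    """Inclusive range of guesses that reach the shellcode via the sled."""
    return buffer_base, buffer_base + nop_count * NOP_LEN - 1


def search_for_sled(buffer_base, nop_count, shellcode_len, start, step, max_tries):
    """Model the write-up's method: step the guess up the stack until it lands
    in the sled. Returns (tries, address) on a hit, or None if every probe
    missed. A step no larger than the sled length cannot jump over the sled."""
    guess = start
    for tries in range(1, max_tries + 1):
        if classify_landing(buffer_base, nop_count, shellcode_len, guess) == "in NOP sled":
            return tries, guess
        guess += step
    return None


if __name__ == "__main__":
    BASE = 0xbffff7f0  # constructed buffer start; not the real stack5 value
    print(classify_landing(BASE, 30, 23, 0xbffff800))        # in NOP sled
    print(sled_range(BASE, 30))                               # 30 valid guesses
    print(search_for_sled(BASE, 30, 23, 0xbffff700, 30, 20))  # step == sled: hits
    print(search_for_sled(BASE, 30, 23, 0xbffff7e0, 60, 3))   # step > sled: can miss
```

Doubling the sled doubles the range returned by `sled_range`, which is the "more room for guess work" the answer describes.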
