lab2

Stack bufer overflows - basic

Narnia

Visit the Narnia

compiler options

gcc -no-pie -fno-stack-protector -m32 -z execstack

level 0 - to get you started

(python -c 'print "A"*20 + "CHANGE HERE"'; cat) | ./narnia0
cat /etc/narnia_pass/narnia1

level 1 - first shellcode

• Easy way - http://shell-storm.org/shellcode/ etc
• Another easy way - pwntools
• Or just write something yourself
  • Position independent
  • Bad chars (nullbyte, newline...)
  • Syscalls

level 2 - first sploit

• EIP offset - cyclic payload
• info frame

level 3 - not always a shell

• soft links

level 4 - shellcoding in place

• Nop sleed