A single challenge tonight, busy day. This one went easier than expected, no
fiddling with offsets or planting binaries. Have I shown you that piece of code I got ready just in case, thanks to man execve?
/* execve.c */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int
main(void)
{
    /* argv[0] is set by convention; an empty argument list is non-portable */
    char *newargv[] = { "/bin/sh", NULL };
    char *newenviron[] = { NULL };   /* start the shell with an empty environment */

    execve("/bin/sh", newargv, newenviron);
    perror("execve");   /* execve() returns only on error */
    exit(EXIT_FAILURE);
}
The only thing I learned today, thanks to gdb, was that my overwrite went
backwards, surprisingly. Having no ASLR, some breakpoints and the following
gdb advanced usage went fine.
break main
x/s *0x12345678
x/32x *0x12345678
Also, I just sold my reel mower, how cool is that? Emptying these 26m of drain without investing in proper tooling is still a challenge, but we'll get there eventually. Ahh, gravel.
The next challenge doesn't seem that hard, let's solve it tomorrow.