Comments on Nullify CTF Team: CSAW 2013 Exploit 200
Feed updated: 2023-04-26T08:14:31.484-05:00

Anonymous, 2014-10-18T14:28:35.232-05:00

Hello, I don't know if this blog is still alive; however, I want to know why there is a 12-byte padding after the canary (before the ret address). Why is that? Can anyone please explain? Thanks.

Anonymous, 2013-09-24T12:10:08.004-05:00

My main question is:

Why do you add a NOP sled?

    # Expoit to send to server
    exploit = nop_sled + shellcode + PAD + canary + filler + buf_address

After the ret instruction, EIP is at the start of the shellcode; why do you add additional padding with NOPs?

hogg, 2013-09-24T09:51:56.281-05:00

Why problem make when you no problem have you don't want to make.

Anonymous, 2013-09-23T16:20:16.241-05:00

Hello, I am new to exploit tasks. I tried to solve this challenge, and my exploit code works excellently on my local computer and binds a shell to 127.0.0.1 port 11111. But when I sent the code to the remote server, my code did not work.

I am trying to understand what is wrong.
I got shellcodes from http://shell-storm.org/ instead of developing my own.
I tried all the TCP shellcodes; most of them work correctly on my local computer, but on the remote server they do not work.

Do you use your own developed shellcode?
The given ELF file is x86 32-bit, and my local computer is Ubuntu 32-bit.
I think the server OS should be compatible.

Also, I read your Python file and saw these lines:

    # Create NOP sled
    nop_sled = '\x90' * (BUFF_SIZE - len(shellcode) - len(PAD) )

    # Expoit to send to server
    exploit = nop_sled + shellcode + PAD + canary + filler + buf_address

Why do you add the NOP string?

My code was like:

    exploit = shellcode + CalculatedPadding + canary + 12bytepadding+ buf_address

After the ret instruction, EIP is at the start of the shellcode; why do you add additional padding with NOPs?