Thanks for the help F1gureF0ur!
I've made this script in order to generate the string and redirected its output to a file:
Code:
import sys
sys.stdout.write("\"")
i = 1
while i < 255:
sys.stdout.write("\\x")
if i < 16:
sys.stdout.write("0")
sys.stdout.write(hex(i)[2:])
i += 1
print("\"")
Then I put that in my exploit and kept running it with blocks of the string and jotting the bad chars down(the ones that didn't appear on the memory where they should or got replaced with something else). I found some that got replaced with another string, don't really know whether it's a particularity of that exercise or not...
Code:
\x61 -> \x85
\x80\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8e\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9e\x9f -> \x3f
\xa2 -> \x9b
\xa3 -> \x9c
\xa7 -> \x15
\xa9 -> \x22
\xaa -> \xa6
\xac -> \xaa
\xb0 -> \xf8
\xb2 -> \xfd
\xb3 -> \x33
\xb8 -> \x27
\xb9 -> \x31
\xba -> \xa7
\xbb -> \x3d
\xbc -> \x2c
\xbd -> \x2d
\xbe -> \x2e
\xbf -> \x3b
\xc0 -> \x27
\xdc -> \x5d
\xdd -> \x5b
\xde -> \x7e
\xe3\xe4 -> \x30
\xe2 -> \x5c
\xe7 -> \x87
Well, I've also tried to put these chars in another positions of the array, some got replaced again, some haven't... I'm pretty confused right now...
These are the ones that did not appear in the memory:
Code:
\x07\x08\x0a\x0d\x13\x14\x1b\x25\x28\x29\x2b\x5e\x5f\x60\x7b\x7d\x7e\x7f\x81\x8d\x8f\x90\x9d\xa0\xa1\xa4\xa5\xa6\xa8\xab\xad\xae\xaf\xb1\xb4\xb5\xb6\xb7\xc3\xc4\xc5\xc6\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1
Am I doing this the right way? Let me know if you tried this exercise and what did you do in order to solve the puzzle...
Thank you again.
AWBO Buffer Overflow Exercise
Originally Posted by F1gureF0ur
