I am trying to exploit a program with a buffer overflow for a class. The program has a canary enabled and when you smash the stack it exits. When running the program in gdb you can set a breakpoint right before the call for user input and grab the canary off the stack. I attemped adding X amounts of A values to find where the canary is overwritten. Partial relro is on and ALSR is disabled. After 71 A's the 72nd causes a stack smash detected and bricks. I tried to enter the canary after the 71 A's in little endian like so AA...A\x00..etc but its still detecting the smash. Am I missing something here? The program is difficult to brute force as it opens a netcat listener on port 1215. From there you have to nc and then are prompted for the message. Ive tried manually entering it and passing it to the listener as a python script.
Asked
Active
Viewed 161 times
