Changed shellcode to include backup of registers and stuck. Now prevents stack smashing detection via the stack canaries

2025-12-27 03:43:09 +08:00 · 2022-04-07 19:47:53 -04:00
parent be5605db5f
commit 621e42e2e8
6 changed files with 12851 additions and 14295 deletions
--- a/src/helpers/.gdb_history
+++ b/src/helpers/.gdb_history
@@ -1,238 +1,4 @@
 q
-disass main 
-q
-disass main
-b *(main+186)
-b *(main+448)
-r
-checkpoint
-si
-restore 1
-restore
-restart
-restart 1
-si
-restart 1
-si
-restart 1
-restart 1
-context
-context all
-si
-restart 1
-q
-b *(main+186)
-b *(main+448)
-r
-si
-q
-disass main
-b *(main+184)
-b *(main+446)
-r
-si
-x/20b 0x555555557fd0
-c
-si
-x/20b 0x555555557fd0
-q
-b *(main+184)
-b *(main+446)
-r
-si
-c
-si
-find 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
-find 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
-q
-b *(main+184)
-b *(main+446)
-r
-si
-q
-b *(main+184)
-r
-si
-x/20b 0x555555557fd0
-q
-b *(main+184)
-r
-si
-q
-b *(main+184)
-r
-si
-q
-r
-q
-q
-r
-q
-r
-q
-q
-b *(test_time_values_injection+94)
-disass test_time_values_injection 
-b *(test_time_values_injection+167)
-r
-q
-b *(test_time_values_injection+167)
-r
-si
-q
-b *(test_time_values_injection+167)
-r
-x/10s 0x41350
-x/10s 0x405130
-x/10b 0x405130
-x/10i 0x405130
-q
-r
-q
-r
-q
-disass test_time_values_injection 
-b *(test_time_values_injection+94)
-r
-si
-fin
-fin
-si
-q
-b *(test_time_values_injection+94)
-r
-si
-x/20b 0x555555559fb0
-si
-x/20b 0x555555559fb0
-q
-r
-q
-r
-q
-b *(test_time_values_injection+94)
-r
-si
-si
-x/20b 0x555555559fb0
-x/20i 0x555555559fb0
-q
-b *(test_time_values_injection+94)
-r
-si
-x/20i 0x555555559fb0
-x/20b 0x555555559fb0
-si
-x/20b 0x555555559fb0
-x/20i 0x555555559fb0
-q
-r
-q
-r
-q
-r
-q
-r
-q
-r
-q
-b *(main+184)
-r
-si
-q
-b *(main+184)
-r
-si
-q
-b *(main+184)
-r
-si
-find 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
-find 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 0x555555555000 0x555555556000
-q
-b *(main+184)
-r
-si
-x/20i 0x555555559fb0
-x/20b 0x555555559fb0
-c
-q
-x/20b 0x555555559fb0
-b *(main+184)
-r
-si
-x/20b 0x555555559fb0
-x/20b 0x555555557df0
-q
-b *(main+184)
-r
-si
-q
-b *(main+184)
-r
-si
-b *(main+446)
-c
-si
-x/20b 0x555555557fd0
-x/20i 0x555555557fd0
-x/20i 0x555555555664
-x/20b 0x555555557fd0
-x/20b 0x555555555664
-q
-b *(main+446)
-r
-si
-x/20b 0x555555555664
-q
-b *(main+446)
-b *(main+184)
-r
-x/20b 0x555555555664
-q
-b *(main+446)
-r
-si
-x/20b 0x555555555664
-q
-b *(main+446)
-r
-si
-x/20b 0x555555555664
-q
-b *(main+446)
-r
-Q
-q
-b *(main+446)
-r
-si
-x/40i 0x555555555664
-x/40b 0x555555555664
-q
-b *(main+446)
-r
-si
-x/40i 0x555555555664
-q
-b *(main+446)
-r
-si
-x/40i 0x555555555664
-x/40b 0x5555555556c6
-q
-b *(main+446)
-r
-si
-x/40i 0x555555555664
-ni
-x/40b 0x5555555556c6
-x/40i 0x555555555664
-x/40b 0x5555555556c6
-x/40i 0x555555555664
-x/40b 0x555555555664
-disass /r 0x555555555664
-q
 b *(main+446)
 r
 si
@@ -254,3 +20,237 @@ si
 fin
 si
 q
+disass main
+b *(main+186)
+r
+si
+q
+disass main
+b *(main+126)
+r
+si
+disass /r main
+x/10b 7ffff7fc7a92
+x/10b 0x7ffff7fc7a92
+x/10i 0x7ffff7fc7a92
+x/10i 7ffff7fc77c0
+x/10i 0x7ffff7fc77c0
+x/10b 0x7ffff7fc77c0
+q
+b *(main+126)
+r
+si
+q
+b *(main+126)
+r
+si
+q
+disass main
+b *(main+184)
+r
+si
+q
+diass main
+disass main
+r
+q
+b *(main+184)
+r
+si
+disass main
+b *(main+446)
+c
+si
+fin
+ni
+q
+b *(main+184)
+r
+si
+q
+disass main
+b *(main+175)
+r
+si
+fin
+x/5i 0x404040
+x/5b 0x404040
+q
+starti
+checksec
+q
+disass main
+b *(main+446)
+r
+si
+x/60b 0x555555555664
+q
+disass main
+b *(main+446)
+r
+ssi
+si
+ni
+1
+q
+b *(main+446)
+r
+si
+ni
+q
+b *(main+446)
+r
+si
+ni
+q
+b *(main+446)
+r
+si
+ni
+q
+b *(main+446)
+r
+si
+ni
+q
+b *(main+446)
+r
+si
+ni
+q
+b *(main+446)
+r
+si
+ni
+si
+ni
+si
+q
+b *(main+446)
+r
+si
+ni
+si
+si
+si
+fin
+q
+b *(main+446)
+r
+si
+ni
+si
+ni
+q
+b *(main+446)
+r
+si
+si
+ni
+si
+ni
+si
+si
+s
+q
+b *(main+446)
+r
+ni
+q
+b *(main+446)
+r
+si
+ni
+q
+b *(main+446)
+r
+si
+ni
+si
+q
+r
+q
+b *(main+446)
+r
+si
+ni
+si
+ni
+si
+si
+si
+si
+display $fs
+display $fs:0x28
+q
+b *(main+446)
+r
+si
+ni
+q
+b *(main+446)
+r
+si
+si
+ni
+si
+ni
+si
+q
+b *(main+446)
+r
+si
+q
+b *(main+446)
+r
+si
+ni
+si
+si
+ni
+q
+r
+q
+b *(main+446)
+r
+si
+c
+q
+r
+r
+q
+b *(main+446)
+r
+si
+ni
+si
+ni
+si
+q
+b *(main+446)
+r
+si
+ni
+q
+b *(main+446)
+r
+si
+q
+b *(main+446)
+r
+si
+ni
+si
+ni
+si
+q
+b *(main+446)
+r
+si
+ni
+si
+q
+b *(main+446)
+r
+si
+q