0XDiablos bad characters?

Doing my first ever BOF and I need a nudge. I've found the offset for the EIP. My strategy at this point is to overwrite it with the address of the flag function. The problem is that I can overwrite it with stuff like "AAAA" or "BBCC" but as soon as I try to put in the correct hex for the return address, I get garbage in the EIP. I suspect some kind of "bad character" issue, but maybe I'm totally going down the wrong path. Am I off base here? Thanks for any help. I'm not very good at asking for it.

Comments

  • I have the same problem here, I was looking for help

  • You can send them via echo -e "...\xFF" and you'll jump to the function. I can jump to the specific function and run it, but only locally. I'm having trouble sending the payload to the server.

  • Don't forget to take into account the little-endianness of the architecture when writing your payload. If what you have in the EIP is backwards then that's the problem.

  • Yah. It's always the endianness that gets me on those too. Even when I remember it, I will do something silly like reverse the whole thing. Hehe.

    Hack The Box
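The byte-order mix-ups described in the last two comments, as an added example that is not part of the original thread: it maps the value seen in EIP back to the encoding mistake that produces it on a 32-bit little-endian target. The address 0x12345678 is a constructed placeholder (not the challenge's real address), the function names are hypothetical, and the "nibble-reversed" case is one assumed reading of "reverse the whole thing".

```python
import struct

def eip_from_bytes(raw: bytes) -> int:
    """Value a 32-bit little-endian CPU loads from the 4 bytes that
    landed on the saved return address."""
    return struct.unpack("<I", raw[:4])[0]

def candidate_encodings(addr: int) -> dict:
    """Ways a 32-bit address commonly ends up in a payload.
    Only the first one is correct for a little-endian target."""
    hex_str = f"{addr:08x}"
    return {
        # Least significant byte first: what the CPU expects.
        "little-endian": struct.pack("<I", addr),
        # Bytes typed in the order the address is written on paper.
        "big-endian": struct.pack(">I", addr),
        # Hex string reversed character by character (assumed reading
        # of "reverse the whole thing"): nibbles swap inside each byte.
        "nibble-reversed": bytes.fromhex(hex_str[::-1]),
        # Address typed as printable text instead of raw bytes.
        "ascii-text": hex_str[:4].encode("ascii"),
    }

def diagnose(intended: int, observed_eip: int) -> str:
    """Return which encoding of `intended` yields `observed_eip`."""
    for label, raw in candidate_encodings(intended).items():
        if eip_from_bytes(raw) == observed_eip:
            return label
    return "unknown"

if __name__ == "__main__":
    INTENDED = 0x12345678  # constructed placeholder address
    for label, raw in candidate_encodings(INTENDED).items():
        print(f"{label:16} bytes={raw.hex(' ')}  EIP=0x{eip_from_bytes(raw):08x}")
    # A debugger showing EIP = 0x78563412 means the bytes went in big-endian.
    print(diagnose(INTENDED, 0x78563412))
```

Comparing the EIP value from the debugger against this table tells you whether the payload bytes were reordered or were never raw bytes in the first place.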
