Problem hackthebox academy Stack-Based Buffer Overflows on Windows x86
by 54C3 - Friday June 16, 2023 at 09:20 PM
#1
So I was doing this module Stack-Based Buffer Overflows on Windows x86. It is on hackthebox academy website. It was going fine until the chapter "Finding a Return Instruction".

The question in exercise is "Try to search the 'cdextract.exe' binary for 'PUSH ESP;RET' instruction as pattern '54C3'. What is the address of the first result you get?"

I rdp into machine open x32dbg run cdextract.exe and attach process. Then I click ctrl + b (as they said to do) and look for pattern '54C3' firstly I found two addresses none of them worked after that I realized that I did not clicked Entire Block button It returned 3 additional addresses. I submitted all of them one by one as answer, but none of them were correct.
Those are the addresses: 77AEEEA8, 77AF02A2, 77B3DDC1, 77BCD627, 77BCD67F

What am I doing wrong? Should the answer be in diffrent format?
Reply
#2
So may be before want to do dôme bof windows. Try on linux. U can use ROPGADGET to find some xxx ; ret
Reply
#3
(06-17-2023, 11:23 PM)Raphgui Wrote: So may be before want to do dôme bof windows. Try on linux. U can use ROPGADGET to find some xxx ; ret

Thanks I will try.
Reply
#4
(06-18-2023, 11:24 AM)54C3 Wrote:
(06-17-2023, 11:23 PM)Raphgui Wrote: So may be before want to do dôme bof windows. Try on linux. U can use ROPGADGET to find some xxx ; ret

Thanks I will try.

I mean u also can do a ret2winexec.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network kitang 0 611 07-19-2023, 11:54 AM
Last Post: kitang



 Users browsing this thread: 2 Guest(s)