Categories: Security, tech

Smash The Stack Level 6

This app takes two arguments:

1 – username

2 – password

It takes them and then says hi.

It also checks your environment's language (the LANG variable) and changes the message accordingly.

Let's make some love with gdb.

By the way, without changing your language, it will not overwrite the EIP.

Now we overwrite the EIP.

This is awesome.


So the first thing that hit my mind: what if I put the shellcode in the env variable LANG?

As we see in the disassembly.


I did try to export my shellcode in LANG, but the shell didn't work.

So let's do it our way.

The most important part is in the source.

So I will push the shellcode in the username,

then call it from the password 😀

Simple, huh?

So we have the right address for the shellcode.



After doing it from bash directly, it gives segmentation fault / bad address errors.

So I decided to do it another way.
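As an added illustration (not the level's source and not the author's code), here is a hypothetical greeting program in the shape the post describes: username and password on the command line, a message picked by LANG. The `greet_unchecked` function shows the classic pattern that lets an over-long argument overwrite the saved return address; `greet_checked` is the hardened form, where every copy is bounded and LANG only selects an entry from a fixed table, so neither argument nor environment length can disturb the stack layout. All names, buffer sizes and the language table are assumptions for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX 32       /* hypothetical stack buffer size for the username */
#define GREETING_MAX 128  /* hypothetical size for the assembled message */

/* Choose the greeting word from the LANG prefix. The table is fixed:
   the environment value is only compared, never copied or formatted. */
const char *greeting_for_lang(const char *lang)
{
    if (lang == NULL) return "Hi";
    if (strncmp(lang, "de", 2) == 0) return "Hallo";
    if (strncmp(lang, "fr", 2) == 0) return "Bonjour";
    if (strncmp(lang, "es", 2) == 0) return "Hola";
    return "Hi";
}

/* Vulnerable pattern, shown for contrast only: strcpy trusts the
   length of argv, so a username of NAME_MAX bytes or more writes past
   'name' into the saved frame pointer and return address. */
void greet_unchecked(char *out, const char *lang, const char *user)
{
    char name[NAME_MAX];
    strcpy(name, user);                       /* unbounded copy */
    sprintf(out, "%s %s", greeting_for_lang(lang), name);
}

/* Hardened form. Returns 0 on success, -1 if the input does not fit.
   Over-long input is rejected outright rather than silently truncated,
   and the output buffer capacity is honoured by snprintf. */
int greet_checked(char *out, size_t out_cap, const char *lang, const char *user)
{
    char name[NAME_MAX];
    size_t n = strlen(user);
    if (n >= sizeof name)                     /* leave room for the NUL */
        return -1;
    memcpy(name, user, n + 1);                /* bounded copy incl. NUL */

    int w = snprintf(out, out_cap, "%s %s", greeting_for_lang(lang), name);
    if (w < 0 || (size_t)w >= out_cap)        /* would have been truncated */
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s username password\n", argv[0]);
        return 2;
    }
    /* The password is never copied into a stack buffer here; it is only
       length-checked, which is all this example needs from it. */
    if (strlen(argv[2]) >= NAME_MAX) {
        fprintf(stderr, "password too long\n");
        return 1;
    }

    char msg[GREETING_MAX];
    if (greet_checked(msg, sizeof msg, getenv("LANG"), argv[1]) != 0) {
        fprintf(stderr, "username too long (max %d characters)\n", NAME_MAX - 1);
        return 1;
    }
    puts(msg);
    return 0;
}
```

The difference that matters is the check before the copy: with `greet_checked`, a 63-byte username is refused with an error instead of reaching the saved EIP, and the LANG value can be as long as you like because it is only compared against a table, never copied.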





  • I tried your solution and it works great, but it's not working when I change the environment variable name from n1x to EGG, and also my other shellcodes won't work either. In either case I get this message in gdb:
    process is executing new program : /bin/bash

    • I think it works. As you noticed, it spawns a new process; you may need to set the right address for the shellcode or use some NOP sleds.

  • Hey, nice post!! And I have a question.
    Actually, I did some work with the Making Shellcode tutorial using nasm & objdump,
    but with my shellcode it fails, and yours is fine.
    Maybe my shellcode has a problem.
    How did you get that shellcode?
    Can you explain it to me?
