
Thursday, December 8, 2016

[Pwnable.kr/Toddler's Bottle] Bof ( Solved 16.12.08 )


# Problem.

  This problem is about the buffer overflow vulnerability.


# How To Solve.

  First of all, download bof ( http://pwnable.kr/bin/bof ) and bof.c ( http://pwnable.kr/bin/bof.c ).
  I looked at bof.c; it looks as follows.
  
  

First, looking at the main function, I notice that func() is called with 0xdeadbeef as its argument. Then, looking at the func() function, I notice that if key == 0xcafebabe, system("/bin/sh") is executed.
To change the key value to 0xcafebabe, I analyzed bof using gdb.


Then I disassembled <func>. It looks as follows.


From <+29> to <+40>, it can be seen that the distance from the buffer to ret is 52 bytes. So, I can change the key value by filling 52 bytes with dummy values and then writing 0xcafebabe.

Here is the payload and flag.
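The following is an added example, not code from the original post or from pwnable.kr: it models the stack region as one flat struct to show why an unbounded read reaches key at offset 52 while a length-limited read (as with fgets) leaves it intact. The 32-byte buffer size, the struct layout and all function names are assumptions made for illustration; only the 52-byte distance and 0xdeadbeef come from the write-up.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   32u          /* assumed buffer size (not stated on the page) */
#define KEY_OFFSET 52u          /* buffer-to-key distance from the write-up */
#define KEY_INIT   0xdeadbeefu  /* value main() passes to func() */

/* Hypothetical flat model of the frame: overrunning buf here stays inside one
 * object, so the demo is well-defined instead of corrupting a real stack. */
struct frame_model {
    char buf[BUF_SIZE];
    unsigned char gap[KEY_OFFSET - BUF_SIZE]; /* everything between buf and key */
    uint32_t key;                             /* the caller-supplied argument */
};
_Static_assert(offsetof(struct frame_model, key) == KEY_OFFSET, "key must sit at 52");

/* Unbounded read: the input decides the length (capped at the model's size). */
static void read_unbounded(struct frame_model *f, const unsigned char *in, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, in, n);
}

/* Bounded read: at most sizeof(buf) - 1 bytes plus a terminator, like fgets. */
static void read_bounded(struct frame_model *f, const unsigned char *in, size_t n) {
    if (n > sizeof f->buf - 1) n = sizeof f->buf - 1;
    memcpy(f->buf, in, n);
    f->buf[n] = '\0';
}

/* Feeds a constructed 56-byte input of 'A's; returns 1 if key is unchanged. */
static int key_survives(int bounded) {
    unsigned char in[KEY_OFFSET + sizeof(uint32_t)];
    struct frame_model f;
    memset(in, 'A', sizeof in);   /* constructed sample input */
    memset(&f, 0, sizeof f);
    f.key = KEY_INIT;
    if (bounded) read_bounded(&f, in, sizeof in);
    else         read_unbounded(&f, in, sizeof in);
    return f.key == KEY_INIT;
}

int main(void) {
    printf("unbounded read: key intact = %d\n", key_survives(0));
    printf("bounded read:   key intact = %d\n", key_survives(1));
    return 0;
}
```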


