
Level9
Use the level9 password “apple” to log in to the level9 account, then check the hint.

In the bof program, when the first 2 bytes of the buf2 array contain the string ‘go’, a shell is executed with the permissions of level10. To solve the problem, we created a program in the tmp directory that is identical to the source of bof, and worked out the stack structure.

The total size of the stack is 40 bytes. Next, I added the following code to see the distance between buf and buf2.


buf and buf2 are 0x10 (16 bytes) apart. Based on this, the stack can be represented as:


Given this stack structure, a payload that first fills 16 bytes with arbitrary characters and then places the ‘go’ string in the next 2 bytes should cause a level10 shell to be executed.


When I type the payload, I can see the password of the level10 account.
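The layout measured above can be modeled in a few lines of C. This is an added example, not the bof source (which this post does not reproduce); it shows why a read bounded by the frame size reaches buf2 while a read bounded by the destination buffer does not. The 10-byte size of buf and the 40-byte input limit are assumptions, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Model of the frame described in the post: 40 bytes in total, with buf2
   starting 0x10 bytes above buf. A flat array keeps every write inside one
   object, so the demonstration has defined behaviour.
   BUF_SIZE = 10 is an assumption; the post only gives the 0x10 distance. */
enum { FRAME_SIZE = 40, BUF_OFF = 0, BUF2_OFF = 0x10, BUF_SIZE = 10 };

/* The check described in the post: do the first 2 bytes of buf2 hold "go"? */
static int gate_open(const unsigned char *frame) {
    return memcmp(frame + BUF2_OFF, "go", 2) == 0;
}

/* Weak form (assumed): input is accepted up to the frame size rather than
   the size of buf, so anything past byte 16 lands in buf2. */
int read_unbounded(unsigned char *frame, const char *input) {
    size_t n = strlen(input);
    if (n > FRAME_SIZE - 1) n = FRAME_SIZE - 1;
    memset(frame, 0, FRAME_SIZE);
    memcpy(frame + BUF_OFF, input, n);
    return gate_open(frame);
}

/* Hardened form: the copy is bounded by the destination's own size,
   so buf2 can never be reached from buf. */
int read_bounded(unsigned char *frame, const char *input) {
    size_t n = strlen(input);
    if (n > BUF_SIZE - 1) n = BUF_SIZE - 1;
    memset(frame, 0, FRAME_SIZE);
    memcpy(frame + BUF_OFF, input, n);
    return gate_open(frame);
}

int main(void) {
    unsigned char frame[FRAME_SIZE];
    /* Constructed input: 16 filler bytes followed by "go", as in the post. */
    const char *input = "AAAAAAAA" "AAAAAAAA" "go";
    printf("bounded by frame size: gate=%d\n", read_unbounded(frame, input));
    printf("bounded by buf size:   gate=%d\n", read_bounded(frame, input));
    return 0;
}
```

In a real program the same fix is passing `sizeof buf` as the length limit of the read call instead of a larger constant.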