Theme Layout

Boxed or Wide or Framed

Wide

Theme Translation

Display Featured Slider

Featured Slider Styles

Display Grid Slider

yes

Grid Slider Styles

Display Trending Posts

Display Author Bio

Display Instagram Footer

off

Dark or Light Style

Light

Blog Archive

Powered by Blogger.
Navigation Menu

All rights reserved
komorebi 2016

Thursday, February 2, 2017

[Hacker School] FTZ Level16 ( Ver. Eng )

11:39:00 AM
to Read (
Words)



Level16


After accessing level16 account, check the hint as follows.



When viewed in the code. If I call up the shell() function using call function in the main, I can execute the level17 shell. After copying to the tmp folder, I execute the program added a line of code to find out the memory structure.



And then, I analyze the attackme using gdb.



Based on above two analysis, The structure of stack is shown as follows.



I need the address of shell() function. Because I execute the shell() function through the call() function. So, I find address of the shell() function using gdb.



When I disassemble the shell, I find the starting address of shell function. When I type dummy values as 40byte and the address of shell() function, the call function execute the shell() function.



As a result, the level17 shell is executed. I confirm the password of level17 is “king poetic”.


QuickEdit
Unknown
0 Comments
Share This Post :

You Might Also Like

Wargame

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Follow @SunriseSunsetBlog