Last time I tried best shell from PicoCTF 2014. Today I tried to solve the format challenge. Below you will find the details. Here we go...
We will start here:
This pretty listing can be changed to pseudocode:
So simply: if we can modify secret value, we will run give_shell(). Let's see what's inside:
Ok, looks good. :) Running the program:
Checking format string opportunity:
Let's switch to gdb again:
Our value was found on place #7, secret address is known.Now we will use u-modifier and hn:
Checking outside gdb:
It's done. :)
More cases from PicoCTF 2014 you can find here.
See you next time!
Cheers
Brak komentarzy:
Prześlij komentarz