exploit1
exploit1.c
We were give an elf32 executable and its code snippet of its handle() function in this challenge:
Our objective is to change the backdoor value to 1, so that the key to this challenge will be read and sent back to us.
buffer[] array is defined to have size of 1016. However in recv(), it is shown that 1020-byte of data will be copied into buffer[], classic case of buffer overflow. So we did what came naturally:
$ python -c "print 'A'*1020" | nc 128.238.66.212 31337
Voila!
No comments:
Post a Comment