1. stdin._IO_buf_base -> stdin
2. stdin._IO_buf_base = stdout, stdin._IO_buf_end = stdout +0x2000
3. stdout.vtable = _IO_helper_table
4. _IO_helper_table.sysclose = setcontext + 53
5. rop + orw
'CTF write-up' 카테고리의 다른 글
| [TRUST-CTF 2020] Fast Restaurant 출제자 writeup (0) | 2020.02.25 |
|---|---|
| [Hitcon 2016] Secret Holder (0) | 2020.01.25 |
| [wargame.0x0.site] babyheap 라이트업 (0) | 2019.10.12 |
| Tokyo Western CTF 2017 - Parrot (0) | 2019.10.02 |
| [hackingcamp2019]bonus (0) | 2019.08.25 |