picoCTF buffer overflow 0 [100 points]
Challenge: buffer overflow 0 (100 points)
Description
Smash the stack. Let's start off simple, can you overflow the correct buffer? The program is available here. You can view source here. And connect with it using:
Hints
How can you trigger the flag to print?
If you try to do the math by hand, maybe try and add a few more characters. Sometimes there are things you aren't expecting.
Run man gets and read the BUGS section. How many characters can the program really read?
Solution
```
gcc vuln.c -m32 -fno-stack-protector -z noexecstack -o vuln
```
Looking at the sigsegv_handler function, we can see that as soon as the buffer overflows, the flag gets printed.

```c
/* SIGSEGV handler: runs when the overflow crashes the program and prints the flag */
void sigsegv_handler(int sig) {
```
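The hint about `man gets` points at the root cause: gets() reads a whole line with no length limit into a fixed-size stack buffer, which is why a long enough input reaches the handler. As an added example (not code from the original writeup or from the challenge), here is the bounded reader such a program should use instead; BUF_SIZE and the inputs are constructed assumptions.

```c
/* Added example, not code from the original writeup or from the challenge.
 * The root cause the hints point at is gets(): it reads an entire line with
 * no length limit into a fixed-size stack buffer. read_line_bounded() is the
 * replacement such a program should use. BUF_SIZE and the inputs are
 * constructed for the demo, not the challenge's real values. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 32   /* assumed size of the stack buffer */

/* Read one line into buf, writing at most size bytes (including the NUL).
 * Returns the number of bytes stored, or -1 if the line was longer than the
 * buffer could hold: the exact input that gets() would let run off the end. */
int read_line_bounded(FILE *in, char *buf, size_t size) {
    if (size == 0 || fgets(buf, (int)size, in) == NULL) return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {   /* whole line fit */
        buf[len - 1] = '\0';
        return (int)(len - 1);
    }
    /* No newline seen: either EOF ended the line, or the line was longer than
     * the buffer. Drain the remainder so the overflow is reported as an error
     * rather than silently becoming the next read. */
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n') truncated = 1;
    return truncated ? -1 : (int)len;
}

/* Run a constructed input through the bounded reader using a local buffer of
 * the assumed size, so the result can be checked without a live process. */
int demo(const char *input) {
    char buf[BUF_SIZE];
    FILE *f = fmemopen((void *)input, strlen(input), "r");
    if (f == NULL) return -2;
    int r = read_line_bounded(f, buf, sizeof buf);
    fclose(f);
    return r;
}

int main(void) {
    char big[64];                         /* constructed overlong line */
    memset(big, 'A', sizeof big - 2);
    big[sizeof big - 2] = '\n';
    big[sizeof big - 1] = '\0';
    printf("short line -> %d bytes stored\n", demo("hello\n"));
    printf("overlong   -> %d (rejected, nothing written past the buffer)\n", demo(big));
    return 0;
}
```

With a bounded read the overlong line is rejected instead of overwriting the saved return address, so the crash path (and the handler) is never reached.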
Use pwntools to send the input:

```python
from pwn import *
```
Flag:
picoCTF{ov3rfl0ws_ar3nt_that_bad_ef01832d}
Unless otherwise stated, all articles on this blog are licensed under CC BY-NC-SA 4.0. When reposting, please credit LuYee6813's Blog!