List: Wargames/Lord Of Bof (4)
Solutions Level 1 - off-by-one %ecx register overflow ; first we know about the environment of Fedora 5 ; the prologue and epilogue are changed ; through the ecx register, it works as a stack guard and stack shield ; normally we can't control the ret address directly, bu..
Solutions Level 1 - up-upgraded simple buffer overflow ; no more fake ebp ; random library ; like FC3 level1 prob, use ret to ret for escaping random stack ; when using 12 ret, execve's argv of 2 is null ; ret address : 0x08048451 ; execve address : ..
Solutions Level 1 - upgraded simple buffer overflow ; because of the operating system, there are some limits such as random stack, ASLR, ASCII Armor, and other memory protections ; so we'd like to use an RTL or ROP attack rather than shellcode ; hint is fake eb..
Solutions Level 1 - Simple Buffer Overflow ; buffer | ebp | ret ; ; need to run with bash2 because of \x00 and \xff ; shellcode : \x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x..