💻ELF x86 - Stack buffer overflow basic 3
Note : A JOURNEY TO GAIN KNOWLEDGE
#include <stdio.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
/* Forward declaration: shell() is defined after main(). */
void shell(void);
/*
 * Challenge entry point: reads stdin one byte at a time and stores most
 * bytes into a 64-byte stack buffer, using `count` as the write index.
 * A few byte values are treated as control codes that move `count`
 * without storing anything.
 *
 * Review summary (this program is intentionally vulnerable):
 *  - `count` is a signed int that is decremented with no lower bound and
 *    incremented with no enforced upper bound, so buffer[count] can land
 *    outside `buffer` on either side.
 *  - `check` is never assigned anywhere in this function, yet it is
 *    compared against a constant; reading it is undefined behaviour
 *    unless some out-of-bounds write has changed it.
 *  - Where the locals sit relative to each other on the stack is chosen
 *    by the compiler, not by the C standard -- TODO confirm for the
 *    actual binary.
 *  - The loop has no exit path and main() has no return statement.
 */
int main()
{
char buffer[64];
/* Never initialised or assigned in this function. */
int check;
/* Receives each input byte; only one byte of it is overwritten per read. */
int i = 0;
/* Write index into buffer; signed, so it can go below zero. */
int count = 0;
printf("Enter your name: ");
fflush(stdout);
while(1)
{
/*
 * This only prints a message: there is no break, return or reset of
 * count, so the write in the default case below still runs with
 * count >= 64.
 */
if(count >= 64)
printf("Oh no...Sorry !\n");
/*
 * Separate `if`, evaluated on every iteration; the `else` below pairs
 * with this one, not with the count check above.
 */
if(check == 0xbffffabc)
shell();
else
{
/*
 * Reads a single byte into the storage of the int `i`. The return value
 * is ignored, so a read error or end of input is not detected and `i`
 * keeps its previous value. Presumably the byte lands in the low-order
 * byte of `i` (little-endian x86) -- TODO confirm.
 */
read(fileno(stdin),&i,1);
switch(i)
{
case '\n':
printf("\a");
break;
/*
 * Byte 0x08: steps the index back with no `count > 0` guard. Repeated
 * 0x08 bytes make count negative, after which the default case writes
 * below the start of buffer.
 * NOTE(review): the fix is to decrement only when count > 0.
 */
case 0x08:
count--;
printf("\b");
break;
/* Byte 0x04: advances the index without storing a byte. */
case 0x04:
printf("\t");
count++;
break;
/* Byte 0x90: advances the index without storing a byte. */
case 0x90:
printf("\a");
count++;
break;
/*
 * Any other byte is stored at buffer[count] with no range check at all.
 * NOTE(review): the fix is to store only when
 * 0 <= count && count < (int)sizeof buffer, and to stop reading once
 * the buffer is full.
 */
default:
buffer[count] = i;
count++;
break;
}
}
}
}
/*
 * Sets both the real and the effective user ID of the process to its
 * current effective user ID, then starts /bin/bash through system().
 *
 * Presumably the binary is installed setuid and this call is what lets
 * the spawned shell keep that identity -- TODO confirm against the
 * deployment.
 * NOTE(review): the result of setreuid() is not checked, so the shell is
 * started even if the ID change failed.
 */
void shell(void)
{
    uid_t euid = geteuid();

    setreuid(euid, euid);
    system("/bin/bash");
}
Phân tích:
Dựa vào thứ tự khai báo biến, ta có thể phác thảo thứ tự trong stack như sau:

Như vậy khác với các chall 1 và 2, lúc này biến `check` được khai báo sau biến `buffer`, ta không thể nhập tràn để ghi đè giá trị lên `check`. Lúc này review lại code, để ý một hàm lạ lẫm:
`read(fileno(stdin),&i,1);`

Như vậy hàm này giúp ta đọc từng kí tự của chuỗi nhập vào, nên nhớ buff được lưu dưới dạng chuỗi, mình có thể truy xuất từng phần tử:

Để ý case sau:
case 0x08:
count--;
printf("\b");
Như vậy ý tưởng lúc này ta có thể đọc lại từng phần tử của check và thay đổi giá trị của chúng bằng việc giảm giá trị biến count và ghi đè vào từng byte tương ứng với format little-endian. Nguyên nhân gốc là case 0x08 giảm count mà không kiểm tra cận dưới, nên count có thể âm và buffer[count] nằm ngoài mảng buffer:
default:
buffer[count] = i;
count++;

flag: Sm4shM3ify0uC4n