fix: walkthrough address in level3

starnakin 2025-05-07 07:26:54 -04:00
parent 987b5ed921
commit ca011b34f4


@ -13,4 +13,4 @@ By using the `%n` flag, we can change the value of a variable to the length of w
Since we cannot pass arguments to printf directly, we need to specify the position in the stack of the variable we want `%n` to print to. This is achieved by writing `m`'s address (obtained through gdb, static address since ASLR is disabled) at the beginning of the buffer. Since we cannot pass arguments to printf directly, we need to specify the position in the stack of the variable we want `%n` to print to. This is achieved by writing `m`'s address (obtained through gdb, static address since ASLR is disabled) at the beginning of the buffer.
Finally, we print the 60 (+ 4 bytes for the address have already been printed) so that `m == 64`. Finally, we print the 60 (+ 4 bytes for the address have already been printed) so that `m == 64`.
Here is the command: Here is the command:
`(python -c 'print "\x8c\x98\x04\x80" + "A"*60 + "%4$n"'; cat) | ./level3` `(python -c 'print "\x8c\x98\x04\x08" + "A"*60 + "%4$n"'; cat) | ./level3`
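Review bot: the address of `m` appears in this walkthrough only as escaped bytes in the command on the last line, so a reader has nothing to check the byte order against, and a swapped `\x80` / `\x08` is exactly the kind of slip that goes unnoticed. Suggest stating the address once in the prose where it says "obtained through gdb", and adding that the four bytes in the command are that address in the target's byte order. The `4` in `%4$n` is also never justified in the visible text; one sentence saying how the position of the buffer on the stack was determined would make the command reproducible. Separately, the context sentence "we print the 60 (+ 4 bytes for the address have already been printed)" is missing a noun after "60" and reads more clearly as "we print 60 more characters (the 4 address bytes have already been printed) so that `m == 64`".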