fix: walkthrough addresse in level3

2025-05-07 07:26:54 -04:00 · 2025-05-07 07:26:54 -04:00 · ca011b34f4
commit ca011b34f4
parent 987b5ed921
1 changed files with 1 additions and 1 deletions
--- a/level3/walkthrough
+++ b/level3/walkthrough
@ -13,4 +13,4 @@ By using the `%n` flag, we can change the value of a variable to the length of w
 Since we cannot pass arguments to printf directly, we need to specify the position in the stack of the variable we want `%n` to print to. This is achieved by writing `m`'s address (obtained through gdb, static address since ASLR is disabled) at the beginning of the buffer.
 Finally, we print the 60 (+ 4 bytes for the address have already been printed) so that `m == 64`.
 Here is the command:
-`(python -c 'print "\x8c\x98\x04\x80" + "A"*60 + "%4$n"'; cat) | ./level3`
+`(python -c 'print "\x8c\x98\x04\x08" + "A"*60 + "%4$n"'; cat) | ./level3`