
Same thing as Pwn intended 0x2, but this time our destination isn't as visible.
Start by analyzing the binary.


Nothing interesting in main. We did notice sym.flag, so let's check that out.

That's what we want. So it looks like we'll want to jump to 0x004011ce.
Same as 0x2: find your padding using Python and dmesg.


We can see from the crash reports that our input starts leaking into the return address at 41 bytes, so we'll use 40 bytes of padding.
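The dmesg check above, worked through in code as an added example (not the script from the original note): the faulting `ip` reported by the kernel is inspected for trailing 0x41 ('A') bytes, and the padding is the sent length minus how many bytes spilled over. The dmesg lines are constructed for this note, not captured from the real binary.

```python
import re
from typing import List, Optional, Tuple

# x86-64 kernel segfault report: "... prog[pid]: segfault at X ip Y sp Z error N in ..."
# Note: a return address overwritten into a non-canonical value is logged as a
# general protection fault instead, so this only works for partial overwrites.
SEGFAULT_RE = re.compile(r"segfault at [0-9a-f]+ ip ([0-9a-f]+) sp")


def trailing_filler_bytes(ip: int, filler: int = 0x41) -> int:
    """Count how many low-order bytes of the faulting ip equal the filler byte."""
    count = 0
    while ip and (ip & 0xFF) == filler:
        count += 1
        ip >>= 8
    return count


def return_offset(dmesg_line: str, sent_len: int, filler: int = 0x41) -> Optional[int]:
    """Offset of the saved return address, or None if this crash tells us nothing."""
    m = SEGFAULT_RE.search(dmesg_line)
    if not m:
        return None
    spilled = trailing_filler_bytes(int(m.group(1), 16), filler)
    if spilled == 0:
        return None
    return sent_len - spilled


# Constructed dmesg output for three trial input lengths (41, 42 and 43 'A's).
SAMPLE_CRASHES: List[Tuple[int, str]] = [
    (41, "[ 412.5] pwn-intended-0x3[2222]: segfault at 401141 ip 0000000000401141 "
         "sp 00007ffd2b7d0aa0 error 14 in pwn-intended-0x3[401000+1000]"),
    (42, "[ 420.1] pwn-intended-0x3[2231]: segfault at 404141 ip 0000000000404141 "
         "sp 00007ffd2b7d0aa0 error 14 in pwn-intended-0x3[401000+1000]"),
    (43, "[ 427.9] pwn-intended-0x3[2240]: segfault at 414141 ip 0000000000414141 "
         "sp 00007ffd2b7d0aa0 error 14 in pwn-intended-0x3[401000+1000]"),
]


def offsets_from_trials(trials: List[Tuple[int, str]]) -> List[Optional[int]]:
    """Every trial should agree on the same padding; disagreement means a misread."""
    return [return_offset(line, sent_len) for sent_len, line in trials]


if __name__ == "__main__":
    print(offsets_from_trials(SAMPLE_CRASHES))  # all three trials give 40
```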
Script:


---
Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]]
Tags: #ctf #exploit_development #buffer_overflow #scripting
Related: