둘둘리둘둘리둘둘리둘둘리둘둘리둘

/* The Lord of the BOF : The Fellowship of the BOF - titan - Remote BOF on Fedora Core 4 - hint : ? - port : TCP 8888*/ #include #include #include #include static char buffer[40];static void (*ftn)(); void print(){ printf("nothing here\n"); fflush(stdout);} int main(){ char buf[48]; ftn = print; printf("titan : What a tragic mistake.\n"); printf("you : "); fflush(stdout); // give me a food fgets..

/* The Lord of the BOF : The Fellowship of the BOF - enigma - Remote BOF on Fedora Core 4 - hint : ? - port : TCP 7777*/ #include #include #include #include int vuln(int canary,char *ptr){ char buffer[256]; int *ret; // stack overflow!! strcpy(buffer,ptr); // overflow protected if(canary != 0x31337) { printf("who broke my canary?!"); exit(1); } // preventing RTL ret = &canary - 1; if((*ret & 0xf..

/* The Lord of the BOF : The Fellowship of the BOF - cruel - Local BOF on Fedora Core 4 - hint : no more fake ebp, RET sleding on random library*/ #include #include #include int main(int argc, char *argv[]){ char buffer[256]; if(argc < 2){ printf("argv error\n"); exit(0); } strcpy(buffer, argv[1]); printf("%s\n", buffer);} 주어진 힌트대로 풀자면 random library 주소가 ebp+8이 될때까지 ret sleding으로 esp를 내리고 execl을..