polictf-2015/johns-shuffle/README.md
1 addition & 1 deletion
@@ -14,7 +14,7 @@ John is completely drunk and unable to protect his poor stack.. Fortunately he c
## Recon
The first shot at overflowing by throwing a ton of `A`'s worked. I don't actually know what the vulnerbility was, as I didn't open the binary in IDA.
-
Once we have control of EIP, and the fact that NX is on, we have to start ROP'ing. Using `pwntools`, We immediately see that we have `system` in our binary, but not the string `/bin/sh`. In order to ROP into `system` we have to have a pointer to the string `/bin/sh`. No worries though, because we also have `read` in our binary.
+
Once we have control of EIP, and the fact that NX is on, we have to start ROP'ing. Using `pwntools`, we immediately see that we have `system` in our binary, but not the string `/bin/sh`. In order to ROP into `system` we have to have a pointer to the string `/bin/sh`. No worries though, because we also have `read` in our binary.
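Review bot: the "We" to "we" fix is correct, but the same sentence (line 17) still reads awkwardly: "Once we have control of EIP, and the fact that NX is on, we have to start ROP'ing" joins a clause and a noun phrase with "and". Suggest "Once we have control of EIP, and given that NX is on, we have to start ROP'ing." While touching this paragraph, the unchanged context line 15 has a typo, "vulnerbility", which should be "vulnerability".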