Pie Time

pie_time/.gdb_history

@@ -0,0 +1,14 @@
+exit
+exit
+help
+data 
+help data
+list main
+file vuln
+list main
+exec vuln
+exec-file vuln
+list main
+file vuln
+list main
+exit

pie_time/notes.md

@@ -0,0 +1,3 @@
+- objdump to find adress of main() and win()
+- calculate final adress main_address - main_offset + win_offset
+

pie_time/vuln.c

@@ -0,0 +1,49 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <unistd.h>
+
+void segfault_handler() {
+  printf("Segfault Occurred, incorrect address.\n");
+  exit(0);
+}
+
+int win() {
+  FILE *fptr;
+  char c;
+
+  printf("You won!\n");
+  // Open file
+  fptr = fopen("flag.txt", "r");
+  if (fptr == NULL)
+  {
+      printf("Cannot open file.\n");
+      exit(0);
+  }
+
+  // Read contents from file
+  c = fgetc(fptr);
+  while (c != EOF)
+  {
+      printf ("%c", c);
+      c = fgetc(fptr);
+  }
+
+  printf("\n");
+  fclose(fptr);
+}
+
+int main() {
+  signal(SIGSEGV, segfault_handler);
+  setvbuf(stdout, NULL, _IONBF, 0); // _IONBF = Unbuffered
+
+  printf("Address of main: %p\n", &main);
+
+  unsigned long val;
+  printf("Enter the address to jump to, ex => 0x12345: ");
+  scanf("%lx", &val);
+  printf("Your input: %lx\n", val);
+
+  void (*foo)(void) = (void (*)())val;
+  foo();
+}