Format String 1
This commit is contained in:
Maxime Vorwerk
1
format_string_1/flag.txt
Normal file
1
format_string_1/flag.txt
Normal file
@@ -0,0 +1 @@
|
|||||||
|
flagFLAG
|
||||||
BIN
format_string_1/format-string-1
Executable file
BIN
format_string_1/format-string-1
Executable file
Binary file not shown.
44
format_string_1/format-string-1.c
Executable file
44
format_string_1/format-string-1.c
Executable file
@@ -0,0 +1,44 @@
|
|||||||
|
#include <stdio.h>
|
||||||
|
|
||||||
|
|
||||||
|
int main() {
|
||||||
|
char buf[1024];
|
||||||
|
char secret1[64];
|
||||||
|
char flag[64];
|
||||||
|
char secret2[64];
|
||||||
|
|
||||||
|
// Read in first secret menu item
|
||||||
|
FILE *fd = fopen("secret-menu-item-1.txt", "r");
|
||||||
|
if (fd == NULL){
|
||||||
|
printf("'secret-menu-item-1.txt' file not found, aborting.\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
fgets(secret1, 64, fd);
|
||||||
|
// Read in the flag
|
||||||
|
fd = fopen("flag.txt", "r");
|
||||||
|
if (fd == NULL){
|
||||||
|
printf("'flag.txt' file not found, aborting.\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
fgets(flag, 64, fd);
|
||||||
|
// Read in second secret menu item
|
||||||
|
fd = fopen("secret-menu-item-2.txt", "r");
|
||||||
|
if (fd == NULL){
|
||||||
|
printf("'secret-menu-item-2.txt' file not found, aborting.\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
fgets(secret2, 64, fd);
|
||||||
|
|
||||||
|
printf("Give me your order and I'll read it back to you:\n");
|
||||||
|
fflush(stdout);
|
||||||
|
scanf("%1024s", buf);
|
||||||
|
printf("Here's your order: ");
|
||||||
|
printf(buf);
|
||||||
|
printf("\n");
|
||||||
|
fflush(stdout);
|
||||||
|
|
||||||
|
printf("Bye!\n");
|
||||||
|
fflush(stdout);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
BIN
format_string_1/format-string-1_patched
Executable file
BIN
format_string_1/format-string-1_patched
Executable file
Binary file not shown.
1
format_string_1/secret-menu-item-1.txt
Normal file
1
format_string_1/secret-menu-item-1.txt
Normal file
@@ -0,0 +1 @@
|
|||||||
|
secret1
|
||||||
1
format_string_1/secret-menu-item-2.txt
Normal file
1
format_string_1/secret-menu-item-2.txt
Normal file
@@ -0,0 +1 @@
|
|||||||
|
secret2
|
||||||
30
format_string_1/sol.py
Executable file
30
format_string_1/sol.py
Executable file
@@ -0,0 +1,30 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
from pwn import *
|
||||||
|
|
||||||
|
exe = ELF("./format-string-1_patched")
|
||||||
|
|
||||||
|
context.binary = exe
|
||||||
|
|
||||||
|
|
||||||
|
def conn():
|
||||||
|
if args.LOCAL:
|
||||||
|
r = process([exe.path])
|
||||||
|
if args.DEBUG:
|
||||||
|
gdb.attach(r)
|
||||||
|
else:
|
||||||
|
r = remote("addr", 1337)
|
||||||
|
|
||||||
|
return r
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
r = conn()
|
||||||
|
|
||||||
|
# good luck pwning :)
|
||||||
|
|
||||||
|
r.interactive()
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
||||||
Reference in New Issue
Block a user