Okay so we have a bof, can we get it to redirect IP (instruction pointer) to something else?
If you get stuck liveoverflow covers you again!
nc thekidofarcrania.com 4902
1 week ago
Why the hell would python3 print c2's, what are these c2's?
1 month ago
Can somebody please explain why there are 12 Bytes between the "padding variable" and the return address? I know that in those 12 Bytes there is EBP, but it is only 4 bytes long.
4 months ago
Great challenge :)
To anyone who can read this, kindly use python2 when working with bin xploits. Python 3 has an annoying byte-ascii conversion.
3 months ago
Open gdb, put break point at win, see the address printed
very nice challenge
5 months ago
Took me an entire day! I was looking at ebx, which I correctly overrode with the win address. That's not the crux of solving this and I wasted time wondering why. After almost a day, it dawned on me to also look at the buff visualisation and I realised I hadn't overflowed enough to reach the return address. And last but not least, I was wondering why gdb run told me that flag.txt was not found, and then realised I need to redirect my python exploit file into the server version because the flag file is on the server, not locally.
The liveoverflow video can be found on youtube: https://www.youtube.com/watch?v=8QzOC8HfOqU&list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN&index=15
9 months ago
I wish these liveoverflow links you posted still worked.
1 year ago
assembly language and gdb, stack must understand.
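
On the `c2` bytes and the Python 2 vs Python 3 comments above, an added example (not part of the original page or any commenter's code) showing where the extra bytes come from: Python 3 `print()` writes text, so every character at or above 0x80 is UTF-8 encoded into two bytes. The 32-bit value is a constructed sample, not an address from the challenge binary, and the helper names are hypothetical.

```python
import struct

def as_text_output(payload: str) -> bytes:
    """Bytes that reach the pipe when a str is printed on a UTF-8 stdout."""
    return payload.encode("utf-8")

def utf8_expansions(payload: str):
    """Return (offset, intended byte, bytes actually sent) for each char >= 0x80."""
    found = []
    for offset, ch in enumerate(payload):
        sent = ch.encode("utf-8")
        if len(sent) > 1:  # one intended byte became two on the wire
            found.append((offset, ord(ch), sent))
    return found

# Constructed sample: 8 filler bytes plus a made-up little-endian 32-bit value.
SAMPLE_VALUE = 0x080486A6
raw = b"A" * 8 + struct.pack("<I", SAMPLE_VALUE)

# Same content as writing "AAAAAAAA\xa6\x86\x04\x08" in a Python 3 str literal.
text = raw.decode("latin-1")

if __name__ == "__main__":
    print("intended :", raw.hex(" "))
    print("print()  :", as_text_output(text).hex(" "))
    for offset, byte, sent in utf8_expansions(text):
        print(f"offset {offset}: 0x{byte:02x} sent as {sent.hex(' ')}")
    # In Python 3, sys.stdout.buffer.write(raw) sends the bytes unchanged.
```

Bytes 0x80 to 0xbf gain a `c2` prefix and bytes 0xc0 to 0xff become `c3` plus a second byte, which also shifts everything after them by one position.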