SMASH THE STACK LEVEL 5

still smashing 😀

echo one 😀

let’s see the source code

strcpy 😀 today I meet many strcpy so nice my memory will be hardcoded with strcpy let’s smash it

we have 128 buffer lol

 

now gdb love 😀

 

EIP overwrite

lets figure how it works in memory

I did breakpoint to navigate more

 

so we are here lets set the payload

we need some NOP with payload and the EIP address
I like backup this address 0xbffffde3
so lets write out payload

 

nice but the bad news is it didn’t work from outside the gdb so i have to custom it lil bit

 

and w00t

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.