39 lines
645 B
C
39 lines
645 B
C
|
// gcc -o ./pwn -fno-stack-protector -no-pie ./ez_overflow.c
|
||
|
|
#include <stdio.h>
|
||
|
|
#include <stdlib.h>
|
||
|
|
#include <string.h>
|
||
|
|
#include <fcntl.h>
|
||
|
|
#include <unistd.h>
|
||
|
|
#define BUFSIZE 32
|
||
|
|
#define FLAGSIZE 64
|
||
|
|
void init() {
|
||
|
|
setvbuf(stdin, 0LL, 2, 0LL);
|
||
|
|
setvbuf(stdout, 0LL, 2, 0LL);
|
||
|
|
setvbuf(stderr, 0LL, 2, 0LL);
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
void win() {
|
||
|
|
char buf[FLAGSIZE];
|
||
|
|
int fd = open("flag", O_RDONLY);
|
||
|
|
read(fd, buf, sizeof(buf));
|
||
|
|
puts(buf);
|
||
|
|
close(fd);
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
void vuln(){
|
||
|
|
char buf[BUFSIZE];
|
||
|
|
gets(buf);
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
int main(int argc, char **argv){
|
||
|
|
init();
|
||
|
|
printf("How to jump to 0x%x\n", win);
|
||
|
|
puts("Please enter your string: ");
|
||
|
|
vuln();
|
||
|
|
return 0;
|
||
|
|
}
|
||
|
|
|