Skip to content

Commit e65a144

Browse files
qhdwightqhdwight
committed
Update readme
1 parent a1ea42d commit e65a144

1 file changed

Lines changed: 15 additions & 16 deletions

File tree

buffer_overflow/solve.py

Lines changed: 15 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -29,22 +29,21 @@
2929
# https://docs.python.org/3/library/stdtypes.html#binary-sequence-types-bytes-bytearray-memoryview
3030
io.recvuntil(b"Enter the password to access Santa Ono's secret vault:")
3131

32-
# "disassemble main" in GDB launched with "gdb buffer_overflow"
33-
# Dump of assembler code for function main:
34-
# 0x00000000004011a3 <+0>: endbr64
35-
# 0x00000000004011a7 <+4>: push rbp
36-
# 0x00000000004011a8 <+5>: mov rbp,rsp
37-
# 0x00000000004011ab <+8>: sub rsp,0x10
38-
# 0x00000000004011af <+12>: lea rdi,[rip+0xe6a] # 0x402020
39-
# 0x00000000004011b6 <+19>: call 0x401060 <puts@plt>
40-
# 0x00000000004011bb <+24>: mov rdx,QWORD PTR [rip+0x2e7e] # 0x404040 <stdin@@GLIBC_2.2.5>
41-
# 0x00000000004011c2 <+31>: lea rax,[rbp-0x10]
42-
# 0x00000000004011c6 <+35>: mov esi,0x20
43-
# 0x00000000004011cb <+40>: mov rdi,rax
44-
# 0x00000000004011ce <+43>: call 0x401070 <fgets@plt>
45-
# 0x00000000004011d3 <+48>: mov eax,0x0
46-
# 0x00000000004011d8 <+53>: leave
47-
# 0x00000000004011d9 <+54>: ret <-- returns to our injected address
32+
# "disassemble get_password" in GDB launched with "gdb buffer_overflow"
33+
# 0x00000000004011a3 <+0>: endbr64
34+
# 0x00000000004011a7 <+4>: push rbp
35+
# 0x00000000004011a8 <+5>: mov rbp,rsp
36+
# 0x00000000004011ab <+8>: sub rsp,0x10
37+
# 0x00000000004011af <+12>: lea rdi,[rip+0xe6a] # 0x402020
38+
# 0x00000000004011b6 <+19>: call 0x401060 <puts@plt>
39+
# 0x00000000004011bb <+24>: mov rdx,QWORD PTR [rip+0x2e7e] # 0x404040 <stdin@@GLIBC_2.2.5>
40+
# 0x00000000004011c2 <+31>: lea rax,[rbp-0x10]
41+
# 0x00000000004011c6 <+35>: mov esi,0x40
42+
# 0x00000000004011cb <+40>: mov rdi,rax
43+
# 0x00000000004011ce <+43>: call 0x401070 <fgets@plt>
44+
# 0x00000000004011d3 <+48>: nop
45+
# 0x00000000004011d4 <+49>: leave
46+
# 0x00000000004011d5 <+50>: ret <-- returns to our injected address
4847

4948
# In assembly you can read "sub rsp,0x10" at the start of "main"
5049
# We need to write past 0x10 bytes to start modifying maliciously

0 commit comments

Comments
 (0)