You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -12,7 +12,7 @@ John is completely drunk and unable to protect his poor stack.. Fortunately he c
```
## Recon
The first shot at overflowing by throwing a ton of `A`'s worked. E don't actually know what the vulnerbility was, as I didn't open the binary in IDA.
The first shot at overflowing by throwing a ton of `A`'s worked. We don't actually know what the vulnerbility was, as I didn't open the binary in IDA.
Once we have control of EIP, and the fact that NX is on, we have to start ROP'ing. Using `pwntools`, We immediately see that we have `system` in our binary, but not the string `/bin/sh`. In order to ROP into `system` we have to have a pointer to the string `/bin/sh`. No worries though, because we also have `read` in our binary.
