
Fix exploit to work on my system

master
stew3254 1 year ago
parent
commit
aa740ff2ae
  1. BIN
      debug
  2. 11
      exploit_scanf.c
  3. 2
      makefile

BIN
debug

11
exploit_scanf.c

@ -36,16 +36,15 @@ int scanf(const char *fmt, ...) {
res = real_vscanf(fmt, ap);
va_end(ap);
//Cheat code. Anything that's not a digit entered, win the game
if(magic && !isdigit(*((char *)guessptr))) {
// This offset is computed by hand, assuming the
// compiler assigned the stack frame in order (flaky)
int guess;
guessptr += 25; // Skip that pesky array
printf("The gods of randomness smile on you! The answer is %d.\n", guessptr[4]);
printf("Let's move around on the stack to find the random number you really wanted\n");
// This offset is computed by hand, it's not guaranteed to be the same on each system
guess = guessptr[-3];
printf("The gods of randomness smile on you! The answer is %d.\n", guess);
guess = guessptr[4];
guessptr -= 25;
snprintf((char *)guessptr, 100, "%d", guess);
return 1;
}
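Review bot: The index in `guess = guessptr[-3];` is a bare constant that, by its own comment, holds only for one particular build of `guess`. Reading outside the object the caller passed to `scanf` is undefined behaviour, so under a different compiler, optimisation level or stack-protector setting it will quietly print an unrelated stack word rather than fail. I would name the offset and record next to it the toolchain and flags it was measured with (the page does not state them), so a stale value can be told apart from a logic error. Separately, `isdigit(*((char *)guessptr))` passes a plain `char`, which is undefined for negative values; use `isdigit((unsigned char)*(char *)guessptr)`. The body of `scanf` begins and ends outside this hunk, so the declaration and type of `guessptr` are not visible here.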

2
makefile

@ -15,7 +15,7 @@ evil: guess
LD_PRELOAD="$(PWD)/evil_random.so" ./guess
exploit: guess
gcc -ldl -fPIC -shared -o exploit_scanf.so exploit_scanf.c
gcc -ldl -o exploit_scanf.so -fPIC -shared exploit_scanf.c
LD_PRELOAD=$(PWD)/exploit_scanf.so ./guess
shim: guess
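Review bot: Both printed forms of the `gcc` line in the `exploit` target keep `-ldl` ahead of `exploit_scanf.c`, so reordering `-o`, `-fPIC` and `-shared` does not change how the library is linked. Linkers that default to `--as-needed` drop a library named before the object that references it, which can leave the shared object without a recorded dependency on libdl. Put the library last: `gcc -fPIC -shared -o exploit_scanf.so exploit_scanf.c -ldl`. The `LD_PRELOAD=$(PWD)/exploit_scanf.so` line is also unquoted, unlike the `evil` target above it, so a checkout path containing spaces would break the recipe.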
