29 lines
759 B
Plaintext
29 lines
759 B
Plaintext
== Call me maybe ==
|
|
|
|
=== Description ===
|
|
|
|
We are given a mysterious address, can we use it to recover the flag?
|
|
|
|
=== Flag ===
|
|
|
|
Whatever is set in the environment variable IG_FLAG
|
|
|
|
=== Public Files ===
|
|
|
|
No file should be given
|
|
|
|
=== Challenge internals ===
|
|
|
|
Classical buffer overflow, replace the return address with address given, this will print the flag.
|
|
Basically, just enter 40 A's and the address in little endian.
|
|
|
|
+-------------------------+-----------------+-----------------+
|
|
| 32 byte buffer | EBP 8 bytes | RET ADDR |
|
|
+-------------------------+-----------------+-----------------+
|
|
^replace with A ^replace with A ^replace with addr
|
|
|
|
|
|
=== Deployment instructions ===
|
|
|
|
TODO, something something netcat?
|