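#include <stdio.h>

int main() {
    int cookie;   /* never initialized; only the check below reads it */
    char buf[80];

    /* Print where buf and cookie live on the stack. */
    printf("buf: %p cookie: %p\n", (void *)&buf, (void *)&cookie);
    gets(buf);    /* deliberately unsafe: no bound on the input length */
    if (cookie == 0x01020005)
        printf("you win!\n");
}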
Not much is new here. We exploit this the same way we did the first two, except that the value we need contains a null character (Ctrl-@).
I want to point out one thing that I didn't mention in my previous posts. The addresses of cookie and buf are printed out, so we don't really need to "guess" where they are on the stack. I ignored this before because, in real programs, the address values are rarely printed out.
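For contrast with the gets() call above, here is an added example (not code from the original post) of a bounded read that leaves cookie untouched even when the input is longer than buf and contains a null byte. The names struct frame, read_line_bounded and cookie_survives, the 200-byte input and the sentinel value are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the frame above: buf with cookie right after it. */
struct frame { char buf[80]; int cookie; };

/* Bounded replacement for gets(): stores at most size-1 bytes, always
 * NUL-terminates, and discards the rest of an over-long line. Returns the
 * bytes stored; these may include 0x00, so strlen() can under-report. */
size_t read_line_bounded(FILE *in, char *dst, size_t size)
{
    size_t n = 0;
    int c;
    if (size == 0)
        return 0;
    while ((c = getc(in)) != EOF && c != '\n') {
        if (n < size - 1)
            dst[n++] = (char)c;   /* bytes past the limit are dropped */
    }
    dst[n] = '\0';
    return n;
}

/* Feeds a constructed 200-byte line with an embedded 0x00 through the
 * bounded reader. Returns 1 if cookie kept its value, -1 on setup failure. */
int cookie_survives(size_t *stored)
{
    struct frame f;
    unsigned char line[201];
    FILE *in = tmpfile();
    if (in == NULL)
        return -1;
    memset(line, 'A', 200);
    line[10] = 0x00;              /* the null byte gets() would also accept */
    line[200] = '\n';
    fwrite(line, 1, sizeof line, in);
    rewind(in);

    f.cookie = 0x11223344;        /* constructed sentinel value */
    *stored = read_line_bounded(in, f.buf, sizeof f.buf);
    fclose(in);
    return f.cookie == 0x11223344;
}

int main(void)
{
    size_t stored = 0;
    printf("cookie intact: %d\n", cookie_survives(&stored));
    return 0;
}
```

Because the stored data can contain 0x00, use the returned byte count rather than strlen() when logging or validating what was read.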