Add description and notesHEAD master

author: Louis Burda <quent.burda@gmail.com> 2024-04-05 20:15:45 +0200
committer: Louis Burda <quent.burda@gmail.com> 2024-04-05 20:15:45 +0200
commit: 66aad836f9e7dd5de4bdbf012c388e221614da5c (patch)
tree: 7c76d3005acb2eb510820129124b4f3385e21b46 /solve/notes
parent: 88f4ea4c85a4224515ba1146b8058bce9e2a1994 (diff)
download: cscg2024-pwn-master.tar.gz
cscg2024-pwn-master.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/solve/notes b/solve/notes
new file mode 100644
index 0000000..25dae7b
--- /dev/null
+++ b/solve/notes
@@ -0,0 +1,10 @@
+We can use format string exploit to leak values from the stack.
+
+This reveals the base address..
+
+We can look up the function offset from the base address
+by inspecting where the function lies within the code segment.
+
+objdump -d | grep WIN
+
+gives 0x9ec
author	Louis Burda <quent.burda@gmail.com>	2024-04-05 20:15:45 +0200
committer	Louis Burda <quent.burda@gmail.com>	2024-04-05 20:15:45 +0200
commit	66aad836f9e7dd5de4bdbf012c388e221614da5c (patch)
tree	7c76d3005acb2eb510820129124b4f3385e21b46 /solve/notes
parent	88f4ea4c85a4224515ba1146b8058bce9e2a1994 (diff)
download	cscg2024-pwn-master.tar.gz cscg2024-pwn-master.zip