Flamegraphing in Rust can now be done with a new cargo subcommand. Please check this out before embarking on the legacy journey below:
https://github.com/flamegraph-rs/flamegraph
perf, using Brendan Gregg's guide:
http://www.brendangregg.com/perf.html#Prerequisitesflamegraph from repo:In process_hash, the size of input is 1024, the size after b64d is 512, however, it should be 1024*3/4, so there's a buffer overflow here.
Because of the stack canary, we can do nothing. I was confused here until I noticed the canary is also used in my_hash to generate random number. Since the canary is gs:0x14, it's always the same in all function calls.
We can calculate the canary value from the captcha because the seed of randomization is the current time, we can fetch it from http request to http://pwnable.kr.
After trying input b64e("AAAA"*(768/4)) to the program, jump to pass the canary check and break at ret, we can notice that the top of stack is AAAA....
| #!/bin/sh | |
| sudo apt-get remove --purge vim vim-runtime vim-gnome vim-tiny vim-common vim-gui-common | |
| sudo apt-get install liblua5.1-dev luajit libluajit-5.1 python-dev ruby-dev libperl-dev mercurial libncurses5-dev libgnome2-dev libgnomeui-dev libgtk2.0-dev libatk1.0-dev libbonoboui2-dev libcairo2-dev libx11-dev libxpm-dev libxt-dev | |
| sudo mkdir /usr/include/lua5.1/include | |
| sudo ln -s /usr/include/luajit-2.0 /usr/include/lua5.1/include | |
| cd ~ | |
| hg clone https://code.google.com/p/vim/ |
People
 :bowtie: |
π :smile: |
π :laughing: |
|---|---|---|
π :blush: |
π :smiley: |
:relaxed: |
π :smirk: |
π :heart_eyes: |
π :kissing_heart: |
π :kissing_closed_eyes: |
π³ :flushed: |
π :relieved: |
π :satisfied: |
π :grin: |
π :wink: |
π :stuck_out_tongue_winking_eye: |
π :stuck_out_tongue_closed_eyes: |
π :grinning: |
π :kissing: |
π :kissing_smiling_eyes: |
π :stuck_out_tongue: |
| /* | |
| * This program is free software: you can redistribute it and/or modify | |
| * it under the terms of the GNU General Public License as published by | |
| * the Free Software Foundation, either version 3 of the License, or | |
| * (at your option) any later version. | |
| */ | |
| #include <arpa/inet.h> | |
| #include <linux/if_packet.h> | |
| #include <stdio.h> |
