Last active
August 29, 2015 14:14
-
-
Save otms61/2d9599392ca95ef720a7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int first_attack(int socket) { | |
| int stuck_gurd = gs_14; | |
| write(socket, 'left or right? (l/r) \n', 0x15); | |
| read(socket, buf, 4); | |
| if(buf[0] == 'l') { | |
| write(socket, "left-fist attack!\n", 0x12); | |
| } | |
| else if(buf[0] == 'r') { | |
| write(socket, "(special attack?!)\n", 0x13); | |
| read(socket, buf, 4); | |
| //avoid 0x08xxxxxx | |
| // only libc | |
| if (buf[3] == 8) { | |
| return; | |
| } | |
| buf(); | |
| } | |
| write(socket, "Sorry, nothing happened.\n\n", 0x1a) | |
| if (stuck_gurd != gs_14) | |
| { | |
| __stack_chk_fail(); | |
| } | |
| return; | |
| } | |
| void throw_mouse(int socket) { | |
| char buf[6]; | |
| fp = open('mouse.txt', 'r'); | |
| write(socket, "Are you sure? (y/n) ", 0x14); | |
| read(socket, buf, 110); | |
| if (buf[0] != 'y') | |
| { | |
| n = sprintf(s, "You choose '%s'!\n", buf); // leak cookie and exploit! | |
| write(socket, s, n); | |
| n = read(fp, s, 5000); | |
| write(socket, s, n); | |
| write(socket, "\n\"MOUSE!!!!!!!!! (HP - 25)\"\n", 0x1c); | |
| lifepoint -= 0x19; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment