CTFtime.org

pwn5

by skat / IrisCS

Tags: binaryexploitation pwn 

Rating:

# Pwn5

This one is very similar to Pwn4. However, when we pass arguments into the program, it truncates it to only 3 bytes of input.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-TAMU/images/pwn5-1.png)

That's fine, because 3 bytes is all I need. I can use a `;` to end `ls`, and then spawn a shell with `sh`.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-TAMU/images/pwn5-2.png)

Original writeup (https://github.com/shawnduong/ctf-writeups/blob/master/2019-TAMU/Pwn/Pwn5.md).

Comments