This is a bit of a simple challenge, but the concept here is very important and might be a bit difficult to grasp. The code is interesting because the developer forgets to pass the reference (the & sign) to the variable, which we can weaponize to take control of the program. Without the & sign, the scanf function treats the variable's value as a pointer and tries to write the input to whatever address that value is "pointing to". Thus we can overwrite any address in memory with some other information.
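An added example, not the challenge's own code, showing the buggy call next to the fixed one in C. sscanf over a constructed string stands in for scanf on stdin so it runs offline, and the function and variable names are assumptions.

```c
#include <stdio.h>
#include <stdint.h>

/* Constructed input standing in for what the user would type at the prompt. */
static const char *INPUT = "1337";

/* Buggy pattern from the challenge: the variable itself, not its address, is
 * handed to scanf. In the real code the argument is a plain int, and gcc's
 * -Wall/-Wformat reports that "%d" expects an argument of type 'int *'; the
 * explicit cast here keeps the demo well-defined and silences that warning
 * on purpose. */
static int read_num_buggy(uintptr_t num) {
    return sscanf(INPUT, "%d", (int *)num);   /* writes to the address 'num' */
}

/* Fixed pattern: pass the address of the destination variable. */
static int read_num_fixed(int *num) {
    return sscanf(INPUT, "%d", num);
}

/* Shows what the missing '&' does: with 'num' holding the address of
 * 'target', the parsed integer lands in 'target', not in 'num'.
 * Returns the value that ended up in 'target'. */
int demo_missing_ampersand(void) {
    int target = 0;
    uintptr_t num = (uintptr_t)&target;  /* constructed: the value the bug lets the input control */
    read_num_buggy(num);
    return target;                        /* 1337 */
}

/* Same input through the fixed code: the value lands in the intended variable. */
int demo_fixed(void) {
    int num = 0;
    read_num_fixed(&num);
    return num;                           /* 1337 */
}
```

Compiling with `-Wall` is the cheapest check for this class of bug: the format/argument type mismatch is flagged at build time.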
rappel intro
Rappel is a wonderful tool for understanding the basics of assembly language. Initially, assembly is quite challenging for a programmer to understand, as all the registers are confusing. It becomes especially difficult because the programmer is now limited to using only a handful of registers as variables, whereas in other languages the number of variables one can declare appears to be unlimited.
After we download and run rappel, we can see that
basic gdb
Disassemble a function | disassemble vuln
Disassemble at address | disassemble 0x400566
display
Use Intel syntax | set disassembly-flavor intel
functions
Display all the functions | info func
flags
View the flags | info reg eflags
breaks
Break at function | break func
stack
Display stack (pwndbg command) | stack
View 30 rows of stack | stack 30
source
https://cheatography.com/superkojiman/cheat-sheets/gdb-pwndbg/