@master_canary
!
Is the thread canary offset too big? pwntools crashes on sending this payload to overwrite the thread canary.
Answers (2)
wyv3rn
You need to check where the overflow occurs (not the main function).
nu1lptr
First I created a thread, then I checked the input, which is at address 0x7ffff73fee40, and the canary is at 0x7ffff7ff6728, and then the offset is 0xbf78e8.
So I am sending this payload to overwrite the master canary, and then doing ret2get_shell in the leave_comment input.

payload1 = b'a'*0xbf78e8
payload1 += b'a'*8

pwntools crashes because it's too big. So, I guess the offset is wrong. But where am I getting it wrong?