For those using the arm64 architecture (Apple Silicon), when disassembling the problem above, the first assembler you see pops up... Is there any way to solve it..? I'm using ubuntu 22.04 arm64 version

There was an exercise problem in Exploit Tech: Return Address Overwrite, so I was in the middle of solving the problem. A buffer overflow occurred when the file was opened, and an error called segmentation fault (core dumped) occurred Ah, I thought the core file was finally created, so I entered gdb -c core -q pwndbg: loaded 1

I solved the problem and wrote the export code in python as shown below. from pwn import* if name == 'main': context.log_level = 'debug' payload = b'a' * 0x30 + b'b' * 0x8 + b'\ xAA\ x06\ x40\ x00\ x00\ x00\ x00\ x00\ x00' rmt = r

gdb confirmed that the get_shell address was 4011dd, and sent 48 bytes of buffer, sfp, 8 bytes, and 4011dd. I opened switching to interactive mode and entered ls Got eof whilte reading in interactive pops up and ends... I can do it locally, but I can't do it remotely What

It's called a stack frame pointer, but I'm curious about the purpose, and I'm also curious about why the size could be assumed to be 0x8.

The C code stores the buf size as 0x28, When I analyzed the binary executable file with GDB, it seems that the buf size is 0x30 Can I understand that there was a typo in the C language code?

I solved it, but I don't understand.. Is it the same thing as before? Of course, I thought the memory address was different from computer to computer... I'm really curious Please help

The problem is solved, but the value of char buf is 28, but I'm wondering why buf 30 is included

void init () { setvbuf (stdin, 0, 2, 0); setvbuf (stdout, 0, 2, 0); } What is the meaning of this friend..?

from pwn import* p = remote ('host3.dreamhack.games' ,18210) payload = B'a'0x30 + B'B'0x8 + p64 (0x4006aa) p.sendlineafter ('Input: ', payload) p.interactive () I don't know why...