From ccbb221ab1550ce793576a64fd6e40e9d3dec543 Mon Sep 17 00:00:00 2001 From: Laza Sergiu Date: Thu, 10 Apr 2025 13:44:37 +0200 Subject: [PATCH] Changed the first byte of the payload to resemble the parameter. --- docs/binary-exploitation/buffer-overflow.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/binary-exploitation/buffer-overflow.md b/docs/binary-exploitation/buffer-overflow.md index f321be04..e7af06c1 100644 --- a/docs/binary-exploitation/buffer-overflow.md +++ b/docs/binary-exploitation/buffer-overflow.md @@ -75,7 +75,7 @@ The remaining 152 bytes would continue clobbering values up the stack. How can we use this to pass the seemingly impossible check in the original program? Well, if we carefully line up our input so that the bytes that overwrite `secret` happen to be the bytes that represent 0x1337 in little-endian, we'll see the secret message. -A small Python one-liner will work nicely: `python -c "print 'A'*100 + '\x31\x13\x00\x00'"` +A small Python one-liner will work nicely: `python -c "print 'A'*100 + '\x37\x13\x00\x00'"` This will fill the `name` buffer with 100 'A's, then overwrite `secret` with the 32-bit little-endian encoding of 0x1337.
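Review bot: The byte change in the hunk is correct, but the commit message does not say why, so please state the actual defect: `'\x31\x13\x00\x00'` is the little-endian encoding of 0x1331, not 0x1337, which means the old one-liner never satisfied the `secret == 0x1337` comparison the surrounding text describes, while `'\x37\x13\x00\x00'` (bytes 37 13 00 00) is the correct 32-bit little-endian encoding of 0x1337 and now matches the sentence that follows it. While you are in this line, the doc should also note that `print 'A'*100 + ...` is Python 2 statement syntax; under Python 3 that command is a syntax error, and a reader who wants to reproduce the exercise needs to know which interpreter the one-liner assumes.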