Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Neither of our solutions were "reliable", and also required being run in a loop. (I know this about a1k0n's solution, as he sent me an e-mail asking me about my solution).


I actually have a 100% reliable solution that exploits the executable stack on level 04. No need to guess the address of the stack using one side effect that I found in this specific case:

https://gist.github.com/807e81ad64c4e84a7770 (SPOILERS)


Awesome!! I totally saw that call instruction, and then went on a wild goose chase thinking about how to get the string into that register, totally missing the fact that some of my earlier attempts at using printf had established that the string already happened to be there to begin with. Now I just feel dumb. ;P




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: