CSAW 2012 – Exploitation 300

Exploitation 300 was a remote service with some funny Korean strings in it. To run it locally you needed to create a user ‘liaotian’ on your system and put a ‘key’ file in its home directory.

When we connect to the service, we can send some string and it will disconnect us. However, when we send a big string(TM), we trigger a traditional stack smash. After exactly 326 bytes we hit the first saved EIP.
