gbrochar
/
RainFall
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
RainFall/level0/walkthrough

59 lines
2.5 KiB
Plaintext
Raw Blame History

0x08048ec0 <+0>: push ebp
0x08048ec1 <+1>: mov ebp,esp
0x08048ec3 <+3>: and esp,0xfffffff0
0x08048ec6 <+6>: sub esp,0x20
// Save ebp on the stack, esp on ebp, align stack and reserve 32 bytes for the stack
0x08048ec9 <+9>: mov eax,DWORD PTR [ebp+0xc]
// eax = argv (or &argv[0])
0x08048ecc <+12>: add eax,0x4
// eax = &argv[1]
0x08048ecf <+15>: mov eax,DWORD PTR [eax]
// eax = argv[1]
0x08048ed1 <+17>: mov DWORD PTR [esp],eax
// stack[esp] = eax;
0x08048ed4 <+20>: call 0x8049710 <atoi>
// call atoi with argv[1] as argument
0x08048ed9 <+25>: cmp eax,0x1a7
// compare atoi result with 423
0x08048ede <+30>: jne 0x8048f58 <main+152>
// if not equal jump to main+152 which writes "No !" and exits...
0x08048ee0 <+32>: mov DWORD PTR [esp],0x80c5348
// or continue here, which will launch a shell, done !
0x08048ee7 <+39>: call 0x8050bf0 <strdup>
0x08048eec <+44>: mov DWORD PTR [esp+0x10],eax
0x08048ef0 <+48>: mov DWORD PTR [esp+0x14],0x0
0x08048ef8 <+56>: call 0x8054680 <getegid>
0x08048efd <+61>: mov DWORD PTR [esp+0x1c],eax
0x08048f01 <+65>: call 0x8054670 <geteuid>
0x08048f06 <+70>: mov DWORD PTR [esp+0x18],eax
0x08048f0a <+74>: mov eax,DWORD PTR [esp+0x1c]
0x08048f0e <+78>: mov DWORD PTR [esp+0x8],eax
0x08048f12 <+82>: mov eax,DWORD PTR [esp+0x1c]
0x08048f16 <+86>: mov DWORD PTR [esp+0x4],eax
0x08048f1a <+90>: mov eax,DWORD PTR [esp+0x1c]
0x08048f1e <+94>: mov DWORD PTR [esp],eax
0x08048f21 <+97>: call 0x8054700 <setresgid>
0x08048f26 <+102>: mov eax,DWORD PTR [esp+0x18]
0x08048f2a <+106>: mov DWORD PTR [esp+0x8],eax
0x08048f2e <+110>: mov eax,DWORD PTR [esp+0x18]
0x08048f32 <+114>: mov DWORD PTR [esp+0x4],eax
0x08048f36 <+118>: mov eax,DWORD PTR [esp+0x18]
0x08048f3a <+122>: mov DWORD PTR [esp],eax
0x08048f3d <+125>: call 0x8054690 <setresuid>
0x08048f42 <+130>: lea eax,[esp+0x10]
0x08048f46 <+134>: mov DWORD PTR [esp+0x4],eax
0x08048f4a <+138>: mov DWORD PTR [esp],0x80c5348
0x08048f51 <+145>: call 0x8054640 <execv>
0x08048f56 <+150>: jmp 0x8048f80 <main+192>
0x08048f58 <+152>: mov eax,ds:0x80ee170
0x08048f5d <+157>: mov edx,eax
0x08048f5f <+159>: mov eax,0x80c5350
0x08048f64 <+164>: mov DWORD PTR [esp+0xc],edx
0x08048f68 <+168>: mov DWORD PTR [esp+0x8],0x5
0x08048f70 <+176>: mov DWORD PTR [esp+0x4],0x1
0x08048f78 <+184>: mov DWORD PTR [esp],eax
0x08048f7b <+187>: call 0x804a230 <fwrite>
0x08048f80 <+192>: mov eax,0x0
0x08048f85 <+197>: leave
0x08048f86 <+198>: ret
Reference in New Issue View Git Blame Copy Permalink