Dump of assembler code for function main:
// main(argc, argv) -- 32-bit x86, AT&T syntax (source, destination) as printed by gdb.
// Flow visible in this dump:
//   argc != 2 : printf(<string at 0x8048760>, argv[0]); return 0
//   argc == 2 : pass(); mbstowcs(0x80491a0, argv[1], 100);
//               if wcscmp(0x80491a0, 0x8049140) == 0 then win();
//               puts(<string at 0x8048795>)
// The reference string at 0x8049140 is built by pass() from instruction
// immediates, so anyone who can disassemble the binary can read it: comparing
// input against an embedded constant does not keep that constant secret.
0x08048596 <+0>: push %ebp // standard frame setup: save caller's frame pointer
0x08048597 <+1>: mov %esp,%ebp // ebp = frame base; args are at 0x8(%ebp) and up
0x08048599 <+3>: sub $0x18,%esp // reserve 0x18 bytes for locals and outgoing arguments
0x0804859c <+6>: and $0xfffffff0,%esp // round esp down to a 16-byte boundary
0x0804859f <+9>: mov $0x0,%eax
0x080485a4 <+14>: sub %eax,%esp // subtracts 0: no effect on esp
0x080485a6 <+16>: cmpl $0x2,0x8(%ebp) // first argument of main (argc) compared with 2
0x080485aa <+20>: je 0x80485ca <main+52> // exactly one command-line argument: go to the check
0x080485ac <+22>: mov 0xc(%ebp),%eax // eax = second argument of main (argv)
0x080485af <+25>: mov (%eax),%eax // eax = argv[0]
0x080485b1 <+27>: mov %eax,0x4(%esp) // printf arg 2 = argv[0]
0x080485b5 <+31>: movl $0x8048760,(%esp) // printf arg 1 = format string; contents not shown here (presumably a usage message -- TODO confirm)
0x080485bc <+38>: call 0x80483b8 <printf@plt>
0x080485c1 <+43>: movl $0x0,-0x4(%ebp) // return-value slot = 0
0x080485c8 <+50>: jmp 0x8048618 <main+130> // skip the check and return
0x080485ca <+52>: call 0x804852d <pass> // per the pass dump, stores the reference wide string at 0x8049140
0x080485cf <+57>: movl $0x64,0x8(%esp) // mbstowcs arg 3: n = 0x64 (100), the maximum number of wide characters written
0x080485d7 <+65>: mov 0xc(%ebp),%eax // eax = argv
0x080485da <+68>: add $0x4,%eax // eax = &argv[1]
0x080485dd <+71>: mov (%eax),%eax // eax = argv[1], the user-supplied string
0x080485df <+73>: mov %eax,0x4(%esp) // mbstowcs arg 2 = source (argv[1])
0x080485e3 <+77>: movl $0x80491a0,(%esp) // mbstowcs arg 1 = destination buffer at a fixed address
// NOTE(review): the return value of mbstowcs is never tested (eax is not read
// before the next call). mbstowcs returns (size_t)-1 on an invalid multibyte
// sequence and writes no terminator when it stops after n characters, so the
// buffer handed to wcscmp is not guaranteed to be a terminated wide string.
// The size of the object at 0x80491a0 is not visible in this dump -- confirm
// it holds at least 100 wide characters.
0x080485ea <+84>: call 0x80483a8 <mbstowcs@plt>
0x080485ef <+89>: movl $0x8049140,0x4(%esp) // wcscmp arg 2 = reference string written by pass
0x080485f7 <+97>: movl $0x80491a0,(%esp) // wcscmp arg 1 = converted user input
0x080485fe <+104>: call 0x80483d8 <wcscmp@plt>
0x08048603 <+109>: test %eax,%eax // eax == 0 means the two wide strings are equal
0x08048605 <+111>: jne 0x804860c <main+118> // mismatch: skip win
0x08048607 <+113>: call 0x80484b4 <win> // match; win is not part of this dump
0x0804860c <+118>: movl $0x8048795,(%esp) // puts argument; string contents not shown here. Also reached after win, if win returns
0x08048613 <+125>: call 0x80483e8 <puts@plt>
// NOTE(review): only the argc != 2 path (main+43) stores to -0x4(%ebp) in the
// visible code, so on the argc == 2 path the value loaded here looks
// uninitialized -- confirm.
0x08048618 <+130>: mov -0x4(%ebp),%eax // eax = return value
0x0804861b <+133>: leave // restore esp and ebp
0x0804861c <+134>: ret
End of assembler dump.
(gdb) disassemble pass
Dump of assembler code for function pass:
// pass() -- takes no visible arguments; writes nine 32-bit values to consecutive
// 4-byte slots starting at the fixed address 0x8049140: eight character codes
// followed by a zero. main later passes 0x8049140 to wcscmp, i.e. the data is
// used as a zero-terminated wide-character string.
// Every character is an immediate operand in the code, so the value can be
// recovered from a disassembly alone, without running the program.
0x0804852d <+0>: push %ebp // standard frame setup
0x0804852e <+1>: mov %esp,%ebp
0x08048530 <+3>: sub $0x4,%esp // one 4-byte local
0x08048533 <+6>: movl $0x8049140,-0x4(%ebp) // local = address of the buffer; not read again in this dump
0x0804853a <+13>: movl $0x53,0x8049140 // slot 0 = 0x53 'S'
0x08048544 <+23>: movl $0x65,0x8049144 // slot 1 = 0x65 'e'
0x0804854e <+33>: movl $0x63,0x8049148 // slot 2 = 0x63 'c'
0x08048558 <+43>: movl $0x72,0x804914c // slot 3 = 0x72 'r'
0x08048562 <+53>: movl $0x65,0x8049150 // slot 4 = 0x65 'e'
0x0804856c <+63>: movl $0x74,0x8049154 // slot 5 = 0x74 't'
0x08048576 <+73>: movl $0x50,0x8049158 // slot 6 = 0x50 'P'
0x08048580 <+83>: movl $0x57,0x804915c // slot 7 = 0x57 'W'
0x0804858a <+93>: movl $0x0,0x8049160 // slot 8 = 0, the wide-string terminator
0x08048594 <+103>: leave // tear down the frame
0x08048595 <+104>: ret
End of assembler dump.
Hàm pass ghi chuỗi passwd vào vùng nhớ bắt đầu từ 0x8049140, mỗi ký tự chiếm 4 byte (wide char) và kết thúc bằng giá trị 0:
0x0804853a <+13>: movl $0x53,0x8049140 // S
0x08048544 <+23>: movl $0x65,0x8049144 // e
0x0804854e <+33>: movl $0x63,0x8049148 // c
0x08048558 <+43>: movl $0x72,0x804914c // r
0x08048562 <+53>: movl $0x65,0x8049150 // e
0x0804856c <+63>: movl $0x74,0x8049154 // t
0x08048576 <+73>: movl $0x50,0x8049158 // P
0x08048580 <+83>: movl $0x57,0x804915c // W
0x0804858a <+93>: movl $0x0,0x8049160 // null
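Vậy passwd là: SecretPW (main chuyển argv[1] sang wide char bằng mbstowcs rồi dùng wcscmp so sánh với chuỗi tại 0x8049140 này).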
(gdb) quit
level1@io:/levels$ ./level01 SecretPW
Win!
You will find the ssh password for level2 in /home/level2/.pass
sh-4.2$ cat /home/level2/.pass
tLmf7msJTJHEpw
sh-4.2$
0x08048544 <+23>: movl $0x65,0x8049144 // e
0x0804854e <+33>: movl $0x63,0x8049148 // c
0x08048558 <+43>: movl $0x72,0x804914c // r
0x08048562 <+53>: movl $0x65,0x8049150 // e
0x0804856c <+63>: movl $0x74,0x8049154 // t
0x08048576 <+73>: movl $0x50,0x8049158 // P
0x08048580 <+83>: movl $0x57,0x804915c // W
0x0804858a <+93>: movl $0x0,0x8049160 // null
Vậy passwd là: SecretPW
(gdb) quit
level1@io:/levels$ ./level01 SecretPW
Win!
You will find the ssh password for level2 in /home/level2/.pass
sh-4.2$ cat /home/level2/.pass
tLmf7msJTJHEpw
sh-4.2$
