![[Toddler's Bottle]passcode](http://img1.daumcdn.net/thumb/R800x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FCkkYH%2Fbtr3cJWFWHh%2FHQrq5aFHAoFgkDq4hLfCqk%2Fimg.png "[Toddler's Bottle]passcode")
login 함수에 scanf("%d", passcode1) 부분을 보면 passcode1에 저장된 값에 입력 값을 저장하게 된다. 그리고 welcome 함수에서 100byte를 입력 받는데 마지막 4byte가 passcode1의 영역이다. 즉 4byte 만큼 원하는 위치(passcode1 에 입력한 위치)에 값을 입력하는 것이 가능해진다. login 함수에 scanf("%d", passcode1) 이후에 실행될 아무 함수의 GOT를 system("/bin/cat flag") 부분으로 Overwrite 해주면 클리어다!
[Toddler's Bottle]passcode에 대한 요약내용입니다.
자세한 내용은 아래에 원문링크를 확인해주시기 바랍니다.
원문링크 : [Toddler's Bottle]passcode
![[baekjoon] 23354](http://img1.daumcdn.net/thumb/R800x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FEcvgX%2FbtscfAQsKK1%2FaN9p2I7yPVJeXkUklBT9k0%2Fimg.png "[baekjoon] 23354")
![[baekjoon] 7569](http://img1.daumcdn.net/thumb/R800x0/?scode=mtistory2&fname=https%3A%2F%2Ft1.daumcdn.net%2Ftistory_admin%2Fstatic%2Fimages%2FopenGraph%2Fopengraph.png "[baekjoon] 7569")
![[Toddler's Bottle]blackjack](http://img1.daumcdn.net/thumb/R800x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fmp9dD%2Fbtr3dTLfHX6%2Fa6sFotTqEd2Y8P4SKY7Sc1%2Fimg.png "[Toddler's Bottle]blackjack")
![[TelegramAlarm] 시작(1)](http://img1.daumcdn.net/thumb/R800x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F2gLFt%2FbtsbTobIJAr%2F34JOXI3ppTzQ5QqajIFTKK%2Fimg.png "[TelegramAlarm] 시작(1)")
![[Toddler's Bottle]fd](http://img1.daumcdn.net/thumb/R800x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fbs0Dsd%2Fbtr3uEMtlvG%2FTbkoOBd1oaJ3sRHkXQlKi1%2Fimg.png "[Toddler's Bottle]fd")
![[baekjoon] 3020](http://img1.daumcdn.net/thumb/R800x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcvOTk2%2FbtscPemgDgU%2FNplK77oDaz6E5qPmYik841%2Fimg.png "[baekjoon] 3020")
네이버 블로그
티스토리
커뮤니티