fixup some final pages

2021-03-09 04:32:42 -08:00 · 2021-03-09 04:32:42 -08:00 · 7555f3bbcb
commit 7555f3bbcb
parent 94e44e406b
3 changed files with 14 additions and 14 deletions
--- a/content/posts/gctf-2020-writeonly.md
+++ b/content/posts/gctf-2020-writeonly.md
@ -157,15 +157,15 @@ the PID since it would have been returned from fork and it is logged by the
 suspicious `printf`. As it turned out, it was indeed on the stack, so I wrote
 some evil inline assembly to get the value pointed to by `rbp - 0x4`.

-The next step was to construct the path. I was unsure of the availability of C
-string and `itoa`-like functions in the environment, given that there is no
-standard library present, so I just wrote some. An interesting optimization of
-this nicked from [later rewriting the exploit in
-Rust](https://lfcode.ca/blog/writeonly-in-rust) is that my `itoa` goes
-backwards, writing into a with a buffer containing extra slashes that will
-otherwise be ignored by the OS.  This cut my executable size about in half by
-not having to reverse the string or perform string copies as one would have to
-do in a normal `itoa`.
+The next step was to construct the path. I was unsure of the availability of
+C string and `itoa`-like functions in the environment, given that there is no
+standard library present, so I just wrote some. An interesting optimization
+of this nicked from [later rewriting the exploit in
+Rust](/blog/writeonly-in-rust) is that my `itoa` goes backwards, writing into
+a with a buffer containing extra slashes that will otherwise be ignored by
+the OS. This cut my executable size about in half by not having to reverse
+the string or perform string copies as one would have to do in a normal
+`itoa`.


 ```c