版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/levones/article/details/81159133
passcode_WriteUp(pwnable.kr_passcode)scanf函数不加”&”带来的危险
题目传送门:http://pwnable.kr/play.php
#include <stdio.h>
#include <stdlib.h>
void login(){
int passcode1;
int passcode2;
printf("enter passcode1 : ");
scanf("%d", passcode1);
fflush(stdin);
// ha! mommy told me that 32bit is vulnerable to bruteforcing :)
printf("enter passcode2 : ");
scanf("%d", passcode2);
printf("checking...\n");
if(passcode1==338150 && passcode2==13371337){
printf("Login OK!\n");
system("/bin/cat flag");
}
else{
printf("Login Failed!\n");
exit(0);
}
}
void welcome(){
char name[100];
printf("enter you name : ");
scanf("%100s", name);
printf("Welcome %s!\n", name);
}
int main(){
printf("Toddler's Secure Login System 1.0 beta.\n");
welcome();
login();
// something after login...
printf("Now I can safely trust you that you have credential :)\n");
return 0;
}可以将源代码,可执行文件以scp -P 2222 [email protected]:/home/passcode/passcode.c passcode.c下载到本地分析
另外,由于我在网上找到了有大佬写过这个,而且写的很全面,觉得自己无需再次搬砖,就把大佬的链接放在这里了:https://blog.csdn.net/smalosnail/article/details/53247502