[BUUCTF]PWN——picoctf_2018_buffer overflow 0

Others 2021-03-23 10:40:17 views: null

picoctf_2018_buffer overflow 0

annex
Insert picture description here

step

Routine inspection, 32-bit program, nx protection is turned on
Prompt for ssh link
After ssh was connected, I tried a little bit, it seems that the program vuln can read the flag
32 is ida loading test file.

Baidu clicked on signal and found that 11 is (SIGSEGV), a signal for invalid access to storage.
Line 15 means that a function sigsegv_handler is set to handle invalid access to storage when the program generates.

That is to say, when the program causes invalid memory access, it will output flag.
Looking down on the vuln function,

copy src to dest, which can cause overflow.
There are two solutions:
1. Overwrite ret to put, and then output the value of the flag address,
payload='a'*(0x18+4 )+p32(puts)+p32(0)+p32(flag_addr)

./vuln aaaaaaaaaaaaaaaaaaaaaaaa\xc0\x84\x04\x08\x00\x00\x00\x00\x80\xa0\x04\x08

2. The above analysis also outputs flag when the memory access error is caused. Due to the overflow of vlun, we can easily cause illegal memory access

Guess you like

Origin blog.csdn.net/mcmuyanga/article/details/114576788

[BUUCTF]PWN——picoctf_2018_buffer overflow 0

Buffer Overflow buffer overflow and protection measures

CTF - pwn (Stack Overflow)

Buffer overflows (stack overflow)

Buffer overflow test

Redis buffer overflow handling

Mips buffer overflow exploit

Buffer overflow experiment

Buffer overflow vulnerability prevention

"0day" -2- stack overflow

Learning experience --Leetcode given AddressSanitizer: heap-buffer-overflow on address 0x60200000002c (leetcode title algorithm with code 4)

Introduction to ctf(pwn) stack overflow

Function call stack buffer overflow

Defense Technology of Buffer Overflow Attack

Vulnerability Exploits and Buffer Overflow Attacks

2018-5-2 Buffer overflow attack experiment

[BUUCTF]PWN——picoctf_2018_are you root (program logic error)

Buuctf(pwn) picoctf_2018_rop chain 栈溢出

In-depth and comprehensive exploration of unhandled exceptions: 0xC00000FD: Stack overflow (stack overflow) problem!

Buffer overflow attacks (Buffer Overflows Lab Notes)

Ie when browsing the site, the pop stack overflow at line: 0

CTF-0day2- stack overflow (3) - implanted Code

Recording stoichiometric transactions starting from 0 - Stack Overflow

Network security (nine buffer overflow && metasploit)

Explain the principle of buffer overflow by debugging the code

CSAPP Experiment 3: Buffer Overflow Bomb (Buflab)

shellcode, buffer overflow vulnerability and remote call

Post-infiltration buffer overflow experiment

CSAPP Study Notes - Buffer Overflow (Preface to AttackLab)

Introduction to pwn (3): Buffer overflow ROP attack (ret2syscall+ret2libc)

Recommended

Ranking

error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘

Database migration between Navicat servers

Minimum number of rotation of the array: Array

balenaEtcher for mac (make a boot disk software) v1.5.67

Custom processing serialization and deserialization in jackson

Mu-en-mask system development software

Mastering Regular Expressions

Find mileage Java--

Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions

[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite

Daily

More

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)