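I think this challenge mainly tests two things: which functions are available inside the sandbox, and, the bigger of the two, writing shellcode.
First, let's look at the code for this challenge: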
root@kali:~# ssh asm@pwnable.kr -p2222
asm@pwnable.kr's password:
- Site admin : daehee87.kr@gmail.com
- IRC : irc.netgarage.org:6667 / #pwnable.kr
- Simply type "irssi" command to join IRC now
- files under /tmp can be erased anytime. make your directory under /tmp
- to use peda, issue `source /usr/share/peda/peda.py` in gdb terminal
Last login: Sun Jul 22 23:03:43 2018 from 180.139.99.191
asm@ubuntu:~$ ls -al
total 48
drwxr-x--- 5 root asm 4096 Jan 2 2017 .
drwxr-xr-x 87 root root 4096 Dec 27 2017 ..
d--------- 2 root root 4096 Nov 19 2016 .bash_history
dr-xr-xr-x 2 root root 4096 Nov 25 2016 .irssi
drwxr-xr-x 2 root root 4096 Jan 2 2017 .pwntools-cache
-rwxr-xr-x 1 root root 13704 Nov 29 2016 asm
-rw-r--r-- 1 root root 1793 Nov 29 2016 asm.c
-rw-r--r-- 1 root root 211 Nov 19 2016 readme
-rw-r--r-- 1 r