题目地址:shell
这个题目是高手进阶区的第14题,这一题我没有按照顺序来,耍脾气来!呵呵
看看保护机制
[*] '/ctf/work/python/shell/shell'
Arch: amd64-64-little
RELRO: No RELRO
Stack: Canary found
NX: NX enabled
PIE: No PIE (0x400000)
开启了Canary和NX
反编译c语言代码
int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
{
int v3; // eax
__int64 v4; // [rsp+0h] [rbp-F0h]
__int64 v5; // [rsp+8h] [rbp-E8h]
__int64 v6; // [rsp+10h] [rbp-E0h]
__int64 v7; // [rsp+18h] [rbp-D8h]
const char **addr_cmd; // [rsp+30h] [rbp-C0h]
const char *szFileP; // [rsp+38h] [rbp-B8h]
const char *szFileU; // [rsp+40h] [rbp-B0h]
size_t n; // [rsp+48h] [rbp-A8h]
__ssize_t nLenRead; // [rsp+50h] [rbp-A0h]
char *lineptr; // [rsp+58h] [rbp-98h]
FILE *stream; // [rsp+60h] [rbp-90h]
char szTip; // [rsp+6Fh] [rbp-81h]
int bAuth; // [rsp+70h] [rbp-80h]
int szUsername; // [rsp+74h] [rbp-7Ch]
int szPassword; // [rsp+94h] [rbp-5Ch]
int szInput; // [rsp+B4h] [rbp-3Ch]
char *filename; // [rsp+D8h] [rbp-18h]
const char **v21; // [rsp+E0h] [rbp-10h]
int v22; // [rsp+E8h] [rbp-8h]
int v23; // [rsp+ECh] [rbp-4h]
v23 = 0;
v22 = argc;
v21 = argv;
filename = "creds.txt";
bAuth = 0;
szTip = '$';
setvbuf(_bss_start, 0LL, 2, 0LL);
while