![](https://img-blog.csdnimg.cn/20201014180756925.png?x-oss-process=image/resize,m_fixed,h_64,w_64)
XCTF-OJ
硬面饽饽
毕业了
展开
-
SCTF2014/pwn400 writeup
SCTF2014/pwn400 writeup 很容易找到漏洞在delete函数,delete函数的外部输入直接是个指针else if ( ptr->next ) { q = ptr->next; p = ptr->pre; p->next = q; q->pre = p; }..free(ptr)利用双链原创 2016-06-12 22:12:42 · 1069 阅读 · 0 评论 -
writeup hitcon-ctf-2014/stkof
writeup hitcon-ctf-2014/stkof题目: https://github.com/ctfs/write-ups-2014/tree/master/hitcon-ctf-2014/stkof 漏洞分析可参考: http://acez.re/ctf-writeup-hitcon-ctf-2014-stkof-or-modern-heap-overflow/ 使用pwntoo原创 2016-06-12 22:04:28 · 2167 阅读 · 0 评论 -
RCTF2015 welpwn: 200 writeup
题目:http://oj.xctf.org.cn/files/welpwn_932a4428ea8d4581431502ab7e66ea4b最简单栈溢出,先read 1024字节,然后循环赋值导致栈溢出,循环到\0结束,因此需要构造ROP过掉\0限制: 0x0040089c: pop r12 ; pop r13 ; pop r14 ; pop r15 ; ret ‘A’*24 + p64(0x原创 2016-06-14 22:50:42 · 2369 阅读 · 1 评论