Challenge description:
ASIS-CTF-Finals-2017, a very simple warm-up pwn challenge
Analysis:
1. First, check the file's security properties:
tucker@ubuntu:~/xman/pwn$ file Mary_Morton
Mary_Morton: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 2.6.32, BuildID[sha1]=b7971b84c2309bdb896e6e39073303fc13668a38, stripped
tucker@ubuntu:~/xman/pwn$ checksec Mary_Morton
[*] '/home/tucker/xman/pwn/Mary_Morton'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      No PIE (0x400000)
We can see that the ELF file has stack canary protection enabled (Stack: Canary found).
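As an added example (not part of the original writeup and not checksec's own code), the sketch below derives the same four properties directly from the ELF headers. The function names and the sample image are constructed for illustration, and the canary test is a byte-search heuristic for the __stack_chk_fail import.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB

def elf_mitigations(data: bytes) -> dict:
    """Report canary / NX / PIE / RELRO for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    nx, relro, bind_now = False, False, False
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, p_flags, p_offset = struct.unpack_from("<IIQ", data, base)
        p_filesz, = struct.unpack_from("<Q", data, base + 32)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & 1)          # PF_X clear -> non-executable stack
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:          # eager binding upgrades RELRO to Full
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<QQ", data, off)
                if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & 8) or (tag == DT_FLAGS_1 and val & 1):
                    bind_now = True
    return {
        # Heuristic: the stack protector imports __stack_chk_fail, and the name
        # survives stripping because it is a dynamic symbol.
        "canary": b"__stack_chk_fail\0" in data,
        "nx": nx,
        "pie": e_type == 3,                 # ET_DYN; ET_EXEC (2) loads at a fixed base
        "relro": "Full" if relro and bind_now else "Partial" if relro else "None",
    }

def build_sample() -> bytes:
    """Constructed header-only ELF64 image mirroring the checksec output above."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 0x3E, 1,
                       0x400000, 64, 0, 0, 64, 56, 3, 0, 0, 0)
    dyn_off = 64 + 3 * 56
    dynamic = struct.pack("<QQ", 0, 0)      # DT_NULL only -> lazy binding
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, sz, sz, 8) for t, f, o, sz in [
        (PT_GNU_STACK, 6, 0, 0), (PT_GNU_RELRO, 4, 0, 0), (PT_DYNAMIC, 6, dyn_off, 16)])
    return ehdr + phdrs + dynamic + b"\0__stack_chk_fail\0"

if __name__ == "__main__":
    print(elf_mitigations(build_sample()))
```

To check a real file, pass its bytes instead of the constructed sample, e.g. elf_mitigations(open(path, "rb").read()).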
2. Inspect the binary in IDA:
void __fastcall __noreturn main(__int64 a1, char **a2, char **a3)
{
  int v3; // [rsp+24h] [rbp-Ch]
  unsigned __int64 v4; // [rsp+28h] [rbp-8h]

  v4 = __readfsqword(0x28u); // load the stack canary from fs:0x28
  sub_4009FF();
p