Pwn-CTFSHOW
Pwn-CTFSHOW-record
P1umH0
PWN-PRACTICE-CTFSHOW-8
Contents: 吃瓜杯-wuqian, 月饼杯II-简单的胖, 月饼杯II-容易的胖, 击剑杯-pwn01-My_sword_is_ready

吃瓜杯-wuqian: stack overflow, ret2text.

```python
# -*- coding:utf-8 -*-
from pwn import *
context.log_level="debug"
#io=process("./pwn1")
io=remote("pwn.challenge.ctf.show",28059)
elf=ELF("./pwn1")
sy
```

Original · 2022-01-18 19:08:21 · 1840 views · 0 comments
PWN-PRACTICE-CTFSHOW-7
Contents: 大吉大利杯-easyrop, 大牛杯-guess, 吃鸡杯-win_pwn, 吃鸡杯-easy_canary

大吉大利杯-easyrop: stack overflow, SROP.

```python
# -*- coding:utf-8 -*-
from pwn import *
context.log_level="debug"
context.arch="amd64" # the 32-bit and 64-bit sigframe structures differ, so the processor architecture must be specified
#io=process("./pwn1")
io=remote("pwn.chall
```

Original · 2022-01-18 14:40:55 · 1787 views · 0 comments
PWN-PRACTICE-CTFSHOW-6
Contents: 36D杯-MengxinStack, 36D杯-tang, 1024杯-1024_happy_stack, 1024杯-1024_happy_checkin

36D杯-MengxinStack: the program has canary and PIE protection enabled. Leaking the remote libc version shows it is libc6_2.23-0ubuntu10_amd64.so.

```python
from pwn import *
io=remote("pwn.challenge.ctf.show",28124)
io.recvuntil("She said:
```

Original · 2022-01-18 10:56:51 · 1717 views · 0 comments
PWN-PRACTICE-CTFSHOW-5
Contents: BJDCTF2020-router, 36D杯-签到, 36D杯-babyFmtstr, 36D杯-MagicString

BJDCTF2020-router

36D杯-签到: stack overflow. Use ROPgadget to find a "sh" string, then ROP. The program filters cat and spaces; more<flag gets around the filter.

```python
# -*- coding:utf-8 -*-
from pwn import *
context.log_level="debug"
#io=process("./pwn1")
io=
```

Original · 2022-01-16 16:58:19 · 398 views · 0 comments
PWN-PRACTICE-CTFSHOW-4
Contents: BJDCTF2020-babyrouter, BJDCTF2020-babystack, BJDCTF2020-dizzy, BJDCTF2020-encryptde stack

BJDCTF2020-babyrouter: stack overflow, ret2libc.

```python
# -*- coding:utf-8 -*-
from pwn import *
context.log_level="debug"
#io=process("./pwn1")
io=remote("pwn.challenge.c
```

Original · 2022-01-16 12:06:34 · 676 views · 0 comments
PWN-PRACTICE-CTFSHOW-3
Contents: pwn10, 萌新赛-签到题, 萌新赛-数学99, 内部赛-签到题

pwn10: format string vulnerability. Overwriting num with 16 makes the program print the flag.

```python
# -*- coding:utf-8 -*-
from pwn import *
context.log_level="debug"
#io=process("./pwn1")
io=remote("pwn.challenge.ctf.show",28045)
elf=ELF("./pwn1")
#gdb.attach(io,"b * 0x0
```

Original · 2022-01-13 16:10:19 · 536 views · 0 comments
PWN-PRACTICE-CTFSHOW-2
Contents: pwn05, pwn06, pwn07, 01栈溢出之ret2text

pwn05: stack overflow. Overwrite the return address with the start address of the backdoor function getFlag.

```python
# -*- coding:utf-8 -*-
from pwn import *
context.log_level="debug"
#io=process("./pwn1")
io=remote("pwn.challenge.ctf.show",28091)
elf=ELF("./pwn1")
getFlag=0x08048486
```

Original · 2022-01-13 10:32:32 · 271 views · 0 comments
PWN-PRACTICE-CTFSHOW-1
Contents: PWN签到题, pwn02, pwn03, pwn04

PWN签到题: connecting with nc prints the flag.

pwn02: stack overflow. Overwrite the return address with the start address of the backdoor function stack.

```python
# -*- coding:utf-8 -*-
from pwn import *
#io=process("./pwn1")
io=remote("pwn.challenge.ctf.show",28194)
elf=ELF("./pwn1")
stack=0x0804850F
io.recvuntil("3
```

Original · 2022-01-13 10:06:20 · 373 views · 0 comments