checksec && 运行
ida
orw_seccomp
函数限制了可用的系统调用
查看系统调用号
cat /usr/include/x86_64-linux-gnu/asm/unistd_32.h | grep -wE '__NR_open|__NR_read|__NR_write|__NR_close|__NR_exit'
如何查看系统调用号:
x64:cat /usr/include/x86_64-linux-gnu/asm/unistd_64.h
x86:cat /usr/include/x86_64-linux-gnu/asm/unistd_32.h
利用思路
手搓汇编实现ret2shellcode
打开flag→读flag→输出flag
代码
'''
@Author : 白银
@Date : 2023-05-06 09:07:16
@LastEditors : 白银
@LastEditTime : 2023-05-06 11:34:27
@FilePath : /pwn/orw.py
@Description : https://buuoj.cn/challenges#pwnable_orw
@Attention :
@Copyright (c) 2023 by 白银 captain-jparrow@qq.com, All Rights Reserved.
'''
from pwn import *
# from libcfind import *
set_arch = 2 # set_arch中,int,0→amd64,1→arm64,2→i386
pwnfile = './orw' # pwnfile, str,二进制文件
if_remote =