我要学pwn
文章平均质量分 58
骗我呢?????
名为逗比
一个重拾软件开发的逗比
展开
-
我要学pwn.day17
jarvisoj_fm潜心修炼,从基础开始这是一道基础的格式化字符串的题解题流程1.查看文件保护$ checksec fm[*] '/home/ctf/Downloads/pwnexercise/fm' Arch: i386-32-little RELRO: Partial RELRO Stack: Canary found NX: NX enabled PIE: No PIE (0x8048000)32位程原创 2021-08-02 00:27:51 · 165 阅读 · 0 评论 -
我要学pwn.day16
pwn2_sctf_2016潜心修炼,从基础开始这是一道整数溢出加ROP的题解题流程1.查看文件保护checksec pwn2_sctf_2016[*] '/home/ctf/Downloads/pwnexercise/bjdctf_2020_babyrop/pwn2_sctf_2016' Arch: i386-32-little RELRO: Partial RELRO Stack: No canary found NX: NX原创 2021-07-30 23:27:50 · 3133 阅读 · 0 评论 -
我要学pwn.day15
bjdctf_2020_babyrop潜心修炼,从基础开始这是一道基础ROP题解题流程1.查看文件保护$ checksec bjdctf_2020_babyrop[*] '/home/ctf/Downloads/pwnexercise/2018_rop/bjdctf_2020_babyrop' Arch: amd64-64-little RELRO: Partial RELRO Stack: No canary found NX:原创 2021-07-26 22:51:02 · 513 阅读 · 0 评论 -
我要学pwn.day14
铁人三项(第五赛区)_2018_rop潜心修炼,从基础开始这是一道泄露libc,并getshell解题流程1.查看文件$ file 2018_rop2018_rop: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=a6c3ab368d8cd315e3b原创 2021-07-22 00:08:48 · 179 阅读 · 0 评论 -
我要学pwn.day13
ciscn_2019_ne_5潜心修炼,从基础开始这是一道使用sh获得shell的题解题流程1.查看文件$ file ciscn_2019_ne_5ciscn_2019_ne_5: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6482843cea0a0原创 2021-07-20 23:47:58 · 1839 阅读 · 1 评论 -
我要学pwn.day12
ciscn_2019_n_5潜心修炼,从基础开始这是一道简单的编写shellcode解题流程1.查看文件$ file ciscn_2019_n_5ciscn_2019_n_5: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=9e420b4efe原创 2021-07-19 00:10:11 · 564 阅读 · 0 评论 -
我要学pwn.day11
jarvisoj_level2_x64潜心修炼,从基础开始一道简单的ROP解题流程1.查看文件$ file level2_x64level2_x64: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=17f0f0026ee70f2e0c8c600原创 2021-07-15 00:20:47 · 120 阅读 · 0 评论 -
我要学pwn.day10
ciscn_2019_n_8潜心修炼,从基础开始简单的pwntools使用解题流程1.查看文件$ file ciscn_2019_n_8ciscn_2019_n_8: ELF 32-bit LSB pie executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, BuildID[sha1]=44b5b2d71c377819ef3c53a4511038cd2b25a原创 2021-07-14 06:42:18 · 186 阅读 · 1 评论 -
我要学pwn.day9
[OGeek2019]babyrop潜心修炼,从基础开始栈溢出无system的ROP解题流程1.查看文件$ file OGropOGrop: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=6503b3ef34c8d55c8d3e861fb4de2110原创 2021-07-14 00:03:06 · 165 阅读 · 0 评论 -
我要学pwn.day8
[第五空间2019 决赛]PWN5潜心修炼,从基础开始据说是基础的格式化字符串漏洞ps:一个’%10$n’百度了半小时,终于看清楚了,是将成功输入字符串的个数,不是字符串!!!占位符作用%p以16进制输出指针的值(地址)%x输出16进制值(与%p有区别)%s输出字符串值%d输出10进制整数%n占位符前面成功输入的字符个数写入变量中解题流程1.查看文件$ file pwnpwn: ELF 32-bit LSB executable原创 2021-07-11 00:08:07 · 194 阅读 · 1 评论 -
我要学pwn.day7
ciscn_2019_c_1潜心修炼,从基础开始这是一道没有system的ROP解题流程1.检查文件$ file ciscn_2019_c_1ciscn_2019_c_1: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=06ddf49af2b8原创 2021-07-09 23:43:14 · 264 阅读 · 6 评论 -
我要学pwn.day6
jarvisoj_level0潜心修炼,从基础开始这是一道最基本的栈溢出解题流程1.查看文件$ file level0level0: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=8dc0b3ec5a7b489e61a71bc1afa79741原创 2021-07-06 21:49:15 · 113 阅读 · 0 评论 -
我要学pwn.day5
pwn1_sctf_2016潜心修炼,从基础开始这是一道C++的字符串替换后溢出解题流程1.查看文件$ file pwn1_sctf_2016pwn1_sctf_2016: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=4b1df4d30f1d6b75原创 2021-07-06 00:34:48 · 388 阅读 · 0 评论 -
我要学pwn.day4
ciscn_2019_n_1潜心修炼,从基础开始这是一道简单的栈溢出覆盖变量解题流程1.查看文件$ file ciscn_2019_n_1ciscn_2019_n_1: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=8a733f5404b1e2原创 2021-07-05 23:40:51 · 166 阅读 · 0 评论 -
我要学pwn.day3
warmup_csaw_2016潜心修炼,从基础开始这是一道简单的栈溢出解题思路1.查看文件$ file ./warmup_csaw_2016./warmup_csaw_2016: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=7b7d75c5原创 2021-07-05 22:34:11 · 103 阅读 · 0 评论 -
我要学pwn.day2
[HarekazeCTF2019]baby_rop潜心修炼,从基础开始这是一道简单的rop解题思路1.查看文件$ file babyropbabyrop: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=b5a3b2575c451140ec967原创 2021-07-04 00:25:11 · 206 阅读 · 0 评论 -
我要学pwn.day1
rip _buu潜心修炼,从基础开始这是一道基础栈溢出的题解题流程流程检查文件$ file ./rip./rip: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=1c72ddcad651c7f35bb655e0ddda5ecbf8d3199原创 2021-07-03 22:20:57 · 491 阅读 · 0 评论