
Competition Reproductions
Akura@lan
Salted fish………
2019 0ctf aegis
Analysis
checksec
franex@franex-virtual-machine:~/桌面/babyaegis$ checksec aegis
[*] '/home/franex/\xe6\xa1\x8c\xe9\x9d\xa2/babyaegis/aegis'
    Arch:     amd64-64-little
    RELRO:    Full RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:
Original · 2021-11-24 00:05:18 · 1006 views · 0 comments
killer queen ctf
SEARCHING
First, look at the main function in IDA:
int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
{
  int v3; // [rsp+Ch] [rbp-4h]

  setbuf(stdin, 0LL);
  setbuf(stdout, 0LL);
  setbuf(stderr, 0LL);
  puts("All my homies hate fufu's.");
  puts("You can
Original · 2021-11-13 01:27:32 · 552 views · 0 comments
KILL QUEEN CTF
Contents
zoom2win
zoom2win
Check the protection mechanisms:
[*] '/home/ubuntu16/Desktop/zoom2win'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x400000)
Look at the function in IDA:
int __cdecl main(int argc, const c
Original · 2021-11-03 00:02:31 · 255 views · 0 comments
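2021 Qiangwang Mimic (强网拟态) reproduction
sonic
Running checksec shows that PIE, NX and RELRO are enabled. During the competition I originally wanted to use ret2csu.. I think that's the name.. I forget. The program prints the address of main. With PIE enabled the last three hex digits do not change, so once the address of main is printed, take every digit except the last three, look up the last three digits of the target address in IDA and add them on. After that, a stack overflow gets a shell.
from pwn import *
#r=remote('123.60.63.90',6890)
r = process('./sonic')
context(arch='amd64', os='linux')
Original · 2021-10-30 18:37:49 · 727 views · 0 comments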