bjdctf_2020_babystack
Ubuntu 16
0x01
checksec
```shell
[*] '/home/zelas/Desktop/pwn/bjdctf_2020_babystack/bjdctf_2020_babystack'
```
IDA
main()
```c
int __cdecl main(int argc, const char **argv, const char **envp)
```
Suspicious function: backdoor
```c
__int64 backdoor()
```
Address of backdoor(): 0x4006E6
0x02
Approach
1. Exploit the overflow in the read() call
Stack slot | Size / content |
---|---|
s | 10H |
ebp | 0x8 |
ret | backdoor |
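
The fix for the pattern in step 1, as an added example that is not part of the original writeup or the challenge binary: a read wrapper that clamps the requested length to the 0x10 bytes of s, so input can never reach the saved frame pointer or return address. main() is truncated on this page, so the oversized read() length is an assumption, and `S_SIZE`, `clamp_len`, `bounded_read` and `demo_oversized_input` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define S_SIZE 0x10 /* size of s, from the layout table */

/* Clamp a caller-supplied length to the buffer capacity (hypothetical helper). */
static size_t clamp_len(long requested, size_t cap)
{
    if (requested <= 0)
        return 0;
    return (size_t)requested > cap ? cap : (size_t)requested;
}

/* Bounded replacement for read(fd, s, n): never stores more than cap bytes,
 * so the saved frame pointer and return address above s are not reached. */
static ssize_t bounded_read(int fd, char *buf, size_t cap, long requested)
{
    size_t want = clamp_len(requested, cap), got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0)
            return -1;
        if (n == 0)
            break;
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Constructed input: 0x28 bytes through a pipe, requested length 0x28. */
static ssize_t demo_oversized_input(void)
{
    int p[2];
    char payload[0x28], s[S_SIZE];
    if (pipe(p) != 0)
        return -1;
    memset(payload, 'A', sizeof payload);
    if (write(p[1], payload, sizeof payload) != (ssize_t)sizeof payload)
        return -1;
    close(p[1]);
    ssize_t n = bounded_read(p[0], s, sizeof s, (long)sizeof payload);
    close(p[0]);
    return n;
}

int main(void) { return demo_oversized_input() == S_SIZE ? 0 : 1; }
```

Building with `-fstack-protector-strong` adds a canary between s and the saved registers as a second layer, but the length clamp is what removes the overflow itself.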
0x03
```python
from pwn import *
```