加载头像

chall

Ubuntu16


0x01


checksec

1
2
3
4
5
6
[*] '/home/zelas/Desktop/pwn/EasyPwn/chall'
Arch: i386-32-little
RELRO: Full RELRO
Stack: No canary found
NX: NX enabled //栈不可执行
PIE: No PIE (0x8048000)

IDA

vuln()

1
2
3
4
5
6
7
int vuln()
{
char s[18]; // [esp+6h] [ebp-12h] BYREF

readn(s); //s
return readn(&str); //.bss 0x804A040
}

readn()

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
int __cdecl readn(void *s)
{
int v1; // eax
int n; // [esp+8h] [ebp-10h]
char v4; // [esp+Fh] [ebp-9h]

v4 = getchar();
n = 0;
while ( v4 != 10 )
{
v1 = n++;
*((_BYTE *)s + v1) = v4;
v4 = getchar();
}
if ( n > 100 )
memset(s, 0, n);
return n;
}

0x02


思路


评论
✅ 你无需删除空行,直接评论以获取最佳展示效果
引用到评论
随便逛逛博客分类文章标签
复制地址关闭热评深色模式轉為繁體