源码:
#include <stdlib.h>
void login(){
int passcode1;
int passcode2;
printf("enter passcode1 : ");
scanf("%d", passcode1); #缺少&符号
fflush(stdin);
// ha! mommy told me that 32bit is vulnerable to bruteforcing :)
printf("enter passcode2 : ");
scanf("%d", passcode2); #缺少&符号
printf("checking...\n");
if(passcode1==338150 && passcode2==13371337){
printf("Login OK!\n");
system("/bin/cat flag");
}
else{
printf("Login Failed!\n");
exit(0);
}
}
void welcome(){
char name[100];
printf("enter you name : ");
scanf("%100s", name);
printf("Welcome %s!\n", name);
}
int main(){
printf("Toddler's Secure Login System 1.0 beta.\n");
welcome();
login();
// something after login...
printf("Now I can safely trust you that you have credential :)\n");
return 0;
}
结合了网上的解释大致了解了
1.首先了解got和plt表的大致意思
2.进入远程登录平台
3.查看源代码
4.分析每个函数之间的调用所用的字节,根据所占用的字节,我们可以合适的填充字节。达到我们我们想溢出的效果。
5.重点要查看开启的安全防护机制
https://blog.csdn.net/qq_35661990/article/details/82595621
网友评论