the_end
hctf2018_the_end远程:2.27-3ubuntu1 每次往一个地址里面写1字节,给了libc _dl_rtld_unlock_recursive/_dl_rtld_lock_recursive往libc中写入数据,通过exit退出,打exithook,用one_gadget来获取shell 我们劫持ld中rtld_global结构体的_dl_rtld_unlock_recursive/_dl_rtld_lock_recursive 最后打的是_dl_rtld_unlock_recursive _dl_rtld_lock_recursive没通 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556#coding:utf-8from pwn import *from tw11ty import *#from ctypes import *if __name__ ==...
一次性格式化字符串利用
一次性格式化字符串【2023 强网杯】ez_fmt没开pie,开了 full Relro,改不了got和fini_array,也给了buf地址,栈上地址用偏移算 改printf_ret地址,绕过w==0xffff的限制,控制程序再次执行read 0x00401205 再次执行格式化字符串 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889#coding:utf-8from pwn import *from pwnlib.util.packing import p64, u64, p32, u32#from ctypes import *#from LibcSearcher import *s = lambda data :...
Hello World
Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub. Quick StartCreate a new post1$ hexo new "My New Post" More info: Writing Run server1$ hexo server 1234print("hello world")def hello_world(): print("hello world") return "hello world" More info: Server Generate static files1$ hexo generate More info:...