i春秋 - Exploit-Exercises: Nebula - level04
2017-02-25 22:22
417 查看
About
This level requires you to read the token file, but the code restricts the files that can be read. Find a way to bypass it :)Source
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <stdio.h>
#include <fcntl.h>
int main(int argc, char **argv, char **envp)
{
char buf[1024];
int fd, rc;
if(argc == 1) {
printf("%s [file to read]\n", argv[0]);
exit(EXIT_FAILURE);
}
if(strstr(argv[1], "token") != NULL) {
printf("You may not access '%s'\n", argv[1]);
exit(EXIT_FAILURE);
}
fd = open(argv[1], O_RDONLY);
if(fd == -1) {
err(EXIT_FAILURE, "Unable to open %s", argv[1]);
}
rc = read(fd, buf, sizeof(buf));
if(rc == -1) {
err(EXIT_FAILURE, "Unable to read fd %d", fd);
}
write(1, buf, rc);
}Nebula官网
程序逻辑
读取指定文件,但是过滤token关键字,然后输出思路
i春秋没改这题的源码与程序,也就是说不会过滤flag关键字,所以直接运行即得flagcd /home/flag04/ ./flag04 flag
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- i春秋 - Exploit-Exercises: Nebula - level01
- i春秋 - Exploit-Exercises: Nebula - level02
- i春秋 - Exploit-Exercises: Nebula - level03
- i春秋 - Exploit-Exercises: Nebula - level06
- i春秋 - Exploit-Exercises: Nebula - level00
- i春秋 - Exploit-Exercises: Nebula - level05
- 从 Exploit Exercises Nebula 中总结linux的基础漏洞和一些小知识点
- Exploit Exercise Nebula 5 Level 00
- exploit-exercises-protostar
- Exploit Exercises Protostar Stack Part 0-7
- exploit-exercises-protostar
- Nebula_Level04
- ExploitExercises_Nebula_Level04
- Nebula level04
- 高级返回库函数exploit代码实现
- 【分析】如何写远程自动精确定位的format string exploit
- Microsoft Windows CSRSS Local Privilege Escalation Exploit (MS05-018)
- Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit
- 如何寻找你要的Exploit
- [Exploit]IE NCTAudioFile2.AudioFile ActiveX Remote Stack Overfl0w