DASCTF | July pwn challenge reproductions
qiandao | Format string + stack overflow
chen@ubuntu:~/Desktop$ checksec qiandao
[*] '/home/chen/Desktop/qiandao'
    Arch:     i386-32-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x8048000)
gets(&s);
printf(&s); // format string vulnerability: leaks information from the stack
...
gets(&v4); // no canary, so a stack overflow exists
At the end of main the following assembly appears; analysing it is the key step.
.text:080485FD mov ecx, [ebp+var_4]
.text:08048600 leave
.text:08048601 lea esp, [ecx-4]
.text:080 ...
pwnable.kr
Pwnable.kr password & lazy binding
#include <stdio.h>
#include <stdlib.h>
void login(){
    int passcode1;
    int passcode2;
    printf("enter passcode1 : ");
    scanf("%d", passcode1);
    fflush(stdin);
    // ha! mommy told me that 32bit is vulnerable to bruteforcing :)
    printf("enter passcode2 : ");
    scanf("%d", passcode2);
    printf("checking...\n");
    if(passcode1==338150 && passcode2==13371337){
        printf("Login OK!\n");
        system("/bin/cat flag");
    }
    else ...
Hitcon-Training
Hitcon-training
git clone https://github.com/scwuaptx/HITCON-Training.git
The environment is already set up; git clone the repository into the current directory.
HITCON lab1 | Multiple solutions
If buf == v2, the XOR routine prints the flag, but buf cannot be overwritten with v2, so it cannot be controlled from the input side. However, the XORed v54 is displayed as chars; by little-endian layout we deduce Do_y, i.e. the input (0x44 6F 5F 79) => 0x795f6f44 (in memory / on the stack) => (y_oD), so we use Python to recover the string.
list=[0x795f6f44,0x6B5F756F,0x5F776F6E,0x5F796877,0x745F796D,0x6D6D6165,0x5F657461,0x6E61724F, 0x695F6567,0x6F735F73,0x676E615F,0x3F3F7972] #0x3f
str=""
for i in list:
    str+=chr(i%0x100)
    str+=chr(int(i%0x10000/0x100))
    str+=chr(int(i%0x1000000/0x10000))
    str+=ch ...
prelink
The hidden process of compiling and linking
$ gcc hello.c
$ ./a.out
Hello world!
What happens between the source code and the executable program?
Step 1 | Preprocessing
gcc -E hello.c -o hello.i #C
cpp hello.c > hello.i #C++
Remove #define lines and expand the corresponding macro definitions
Process conditional preprocessing directives such as #if, #ifdef and #else
Recursively insert the files included via #include at the corresponding positions
Remove comments and add line-number and file-name markers to aid debugging
Preserve the #pragma compiler directives needed by the later compilation stage
Step 2 | Compilation
gcc -S hello.i -o hello.s
cc1 hello.c #preprocessing and compilation combined
gcc -S hello.c -o hello.s #preprocessing and compilation combined
Perform lexical, syntactic and semantic analysis on the preprocessed file, then optimize
Step 3 | Assembly
as hello.s -o hello.o #as is the assembler
gcc -c hello.s -o hello.o
gcc -c hello.c -o hello.o #produce ...
Hello World
Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub.
Quick Start
Create a new post
$ hexo new "My New Post"
More info: Writing
Run server
$ hexo server
More info: Server
Generate static files
$ hexo generate
More info: Generating
Deploy to remote sites
$ hexo deploy
More info: Deployment