[Share] Summary of key points from February's pwn challenges
Posted: 2022-2-24 11:39
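Recently I worked through a number of challenges and learned a lot. Since good writeups for these challenges already exist online, there is no need for me to repeat them.
Here I simply summarize the key points from these challenges, for everyone's reference and to consolidate my own understanding.
攻防世界 Recho
Challenge link: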
Writeup link:
Key points
- When input is read inside a while loop, so that execution normally never returns to the address overwritten by the overflow, you can use pwntools' shutdown command; in that case, however, the input stream is closed for good
攻防世界 dubblesort
Challenge link:
Writeup link:
Key points
- Watch whether the buffer is cleared with memset; if it is not, it can directly leak important information such as randomized addresses
- Know this scanf behaviour: entering - or + skips one input, so that memory location keeps its original value
攻防世界 noteservice2
Challenge link:
Writeup link:
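Key points
- Writing shellcode in a confined space, making flexible use of the jump short instruction
- Gaining execution: overwrite a GOT entry with the address of the shellcode
攻防世界 time_formatter
Challenge link: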
Writeup link:
Key points
- Using UAF to bypass the character restrictions
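
Added example, not part of the original post: for the two dubblesort points above (a buffer that is never cleared, and a bare `+` or `-` making scanf skip an assignment), this C sketch sets the unchecked input loop beside a hardened one that clears the buffer and checks the conversion result. The function names, the `STALE` marker and the sample tokens are constructed for illustration, and each token goes through `sscanf` as a stand-in for `scanf` reading stdin.

```c
#include <stdio.h>
#include <string.h>

#define STALE 0xdeadbeefu /* constructed marker for leftover buffer data */

/* Unchecked pattern: the conversion result is ignored, so a token that fails
 * to convert (a bare "+" or "-") leaves out[i] holding its previous value. */
static void fill_unchecked(unsigned *out, const char *const *tok, size_t n) {
    for (size_t i = 0; i < n; i++) {
        int rc = sscanf(tok[i], "%u", &out[i]);
        (void)rc; /* deliberately ignored: this is the flawed pattern */
    }
}

/* Hardened pattern: clear the buffer, then reject any token that does not
 * convert. Returns 0 on success, -1 on the first bad token. */
static int fill_checked(unsigned *out, const char *const *tok, size_t n) {
    memset(out, 0, n * sizeof *out);
    for (size_t i = 0; i < n; i++)
        if (sscanf(tok[i], "%u", &out[i]) != 1)
            return -1;
    return 0;
}

/* Number of slots still holding the stale marker. */
static size_t stale_slots(const unsigned *buf, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += (buf[i] == STALE);
    return c;
}

/* Constructed sample input: the second token is a bare sign. */
static const char *const SAMPLE[] = { "7", "+", "3" };

static size_t demo_unchecked(void) {
    unsigned buf[3] = { STALE, STALE, STALE };
    fill_unchecked(buf, SAMPLE, 3);
    return stale_slots(buf, 3); /* slot 1 was never written */
}

static int demo_checked(void) {
    unsigned buf[3] = { STALE, STALE, STALE };
    return fill_checked(buf, SAMPLE, 3) == -1 && stale_slots(buf, 3) == 0;
}

int main(void) {
    printf("stale after unchecked: %zu, checked ok: %d\n", demo_unchecked(), demo_checked());
    return 0;
}
```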