[Original] pwnabletw silver_bullet writeup

Posted on: 2025-4-28 17:26

Reverse engineering shows that the vulnerability in this challenge is the strncat call in the power_up function. The decompiled function (the listing in the post ends after the printf):
```c
int __cdecl power_up(mystruct *dest)
{
  char s[48]; // [esp+0h] [ebp-34h] BYREF
  int v3; // [esp+30h] [ebp-4h]

  v3 = 0;
  memset(s, 0, sizeof(s));
  if ( !dest->str[0] )
    return puts("You need create the bullet first !");
  if ( dest->len > 0x2Fu )
    return puts("You can't power up any more !");
  printf("Give me your another description of bullet :");
  read_input(s, 48 - dest->len);
  // Copies at most 48 - len bytes, then ALWAYS stores a terminating '\0'
  strncat(dest->str, s, 48 - dest->len);
  v3 = strlen(s) + dest->len;
  printf("Your new power is : %u\n", v3);
  /* ... remainder of the function not shown in the post */
}
```

The length check only bounds the bytes that strncat copies: `48 - dest->len` bytes fit exactly in the remaining space of the 48-byte `str`, but strncat then writes one more byte, the terminating NUL. When the appended text fills the buffer, that NUL lands one byte past the end of `str`, in whatever field of `mystruct` follows it, and `dest->len` is read again after that write when computing v3.
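The following is an added example, not code from the post or from the challenge binary. It reproduces the strncat off-by-one in power_up above in a stand-alone program, with the binary's read_input replaced by a copy from a constructed string, and places a hardened variant beside it. It assumes a layout for `mystruct` that the post does not show (the 48-byte description followed directly by the length field) and a little-endian machine, so that the byte strncat writes at `str[48]` is the low byte of `len`; the `create_bullet` logic is likewise an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASSUMED layout of mystruct (not shown in the post): str[48] is followed
 * directly by len, so str[48] aliases the low byte of len on little-endian. */
typedef struct {
    char str[48];
    uint32_t len;
} bullet_t;

/* strnlen-equivalent without relying on POSIX declarations. */
static uint32_t bounded_len(const char *s, size_t max)
{
    const char *nul = memchr(s, 0, max);
    return (uint32_t)(nul ? (size_t)(nul - s) : max);
}

/* Constructed stand-in for the binary's read_input(s, n): take the bytes
 * from a string instead of stdin, copying at most n of them into s. */
static void read_input_sim(char *s, size_t n, const char *input)
{
    size_t l = strlen(input);
    memcpy(s, input, l < n ? l : n);
}

/* Assumed create_bullet: store up to 48 bytes and record their length. */
static void create_bullet(bullet_t *b, const char *input)
{
    memset(b, 0, sizeof(*b));
    read_input_sim(b->str, sizeof(b->str), input);
    b->len = bounded_len(b->str, sizeof(b->str));
}

/* The power_up logic as decompiled above, with the I/O replaced.
 * Returns v3, the "new power" the binary prints. */
static uint32_t power_up_vuln(bullet_t *b, const char *input)
{
    /* +1 byte: stands in for the zeroed v3 that sits right after s in the
     * real frame, so strlen(s) stops even when all 48 bytes are filled. */
    char s[48 + 1];
    memset(s, 0, sizeof(s));
    if (!b->str[0] || b->len > 0x2Fu)
        return b->len;                 /* the binary's two early exits */
    read_input_sim(s, 48 - b->len, input);
    /* strncat copies up to 48 - len bytes and then ALWAYS stores '\0'.
     * When the copy fills str, that '\0' lands on str[48], i.e. on len.
     * str is at offset 0, so (char *)b is the same address as b->str; the
     * cast only keeps _FORTIFY_SOURCE from aborting before the bug shows. */
    strncat((char *)b, s, 48 - b->len);
    return (uint32_t)strlen(s) + b->len; /* len is read AFTER the '\0' hit it */
}

/* Hardened form: reserve str[47] for the terminator and refuse to append
 * once the description is full, so strncat never reaches str[48]. */
static uint32_t power_up_fixed(bullet_t *b, const char *input)
{
    char s[48];
    memset(s, 0, sizeof(s));
    if (!b->str[0] || b->len >= sizeof(b->str) - 1)
        return b->len;
    size_t room = sizeof(b->str) - 1 - b->len;   /* bytes left before str[47] */
    read_input_sim(s, room, input);
    strncat(b->str, s, room);                     /* writes at most room + 1 bytes */
    b->len = bounded_len(b->str, sizeof(b->str));
    return b->len;
}

int main(void)
{
    bullet_t b;
    char desc[48];
    memset(desc, 'A', 47);                 /* constructed 47-byte description */
    desc[47] = 0;

    create_bullet(&b, desc);
    uint32_t power = power_up_vuln(&b, "B");
    printf("vulnerable: reported power %u, len field now %u (48 bytes stored)\n",
           power, b.len);

    create_bullet(&b, desc);
    power = power_up_fixed(&b, "B");
    printf("fixed: reported power %u, len field %u, str[47] = %d\n",
           power, b.len, b.str[47]);
    return 0;
}
```

With a 47-byte bullet and a one-byte power-up, the vulnerable path stores 48 bytes in `str`, zeroes `len` through the terminator, and reports a "power" of 1 instead of 48. From that point `len` no longer describes the buffer, so `48 - dest->len` on the next power_up is far larger than the space actually left, which is what turns the one-byte NUL write into a longer strncat past the structure. The hardened variant keeps one byte of `str` for the terminator and recomputes `len` from the buffer itself.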