CSAW CTF Qualification Round 2018 - shell->code
原题
Linked lists are great! They let you chain pieces of data together.
nc pwn.chal.csaw.io 9005
链接:https://ctftime.org/task/6644
附件:(下面那个打不开的图片就是,请将文件下载下来改名为shellpointcode)
题解
首先看下文件的基本信息:
$ file shellpointcode
shellpointcode: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=214cfc4f959e86fe8500f593e60ff2a33b3057ee, not stripped
一个64位Linux二进制动态链接文件且未去除符号信息(not stripped)。
再看下二进制文件的安全措施:
$ checksec shellpointcode
Arch: amd64-64-little
RELRO: Full RELRO
Stack: No canary found
NX: NX disabled
PIE: PIE enabled
RWX: Has RWX segments
二进制文件开启了PIE但栈空间未开启canary且可执行。
运行程序感受一下:
$ ./shellpointcode
Linked lists are great!
They let you chain pieces of data together.
(15 bytes) Text for node 1:
AAAA
(15 bytes) Text for node 2:
BBBB
node1:
node.next: 0x7fff265da260
node.buffer: AAAA
What are your initials?
CCCC
Thanks CCCC
Segmentation fault
反汇编
CSAW CTF Qualification Round 2018 - shell->code的更多相关文章
- [C++]Store Credit——Google Code Jam Qualification Round Africa 2010
Google Code Jam Qualification Round Africa 2010 的第一题,很简单. Problem You receive a credit C at a local ...
- Google Code Jam Africa 2010 Qualification Round Problem B. Reverse Words
Google Code Jam Africa 2010 Qualification Round Problem B. Reverse Words https://code.google.com/cod ...
- Google Code Jam Africa 2010 Qualification Round Problem A. Store Credit
Google Code Jam Qualification Round Africa 2010 Problem A. Store Credit https://code.google.com/code ...
- Facebook Hacker Cup 2014 Qualification Round
2014 Qualification Round Solutions 2013年11月25日下午 1:34 ...最简单的一题又有bug...自以为是真是很厉害! 1. Square Detector ...
- Facebook Hacker Cup 2014 Qualification Round 竞赛试题 Square Detector 解题报告
Facebook Hacker Cup 2014 Qualification Round比赛Square Detector题的解题报告.单击这里打开题目链接(国内访问需要那个,你懂的). 原题如下: ...
- DP VK Cup 2012 Qualification Round D. Palindrome pairs
题目地址:http://blog.csdn.net/shiyuankongbu/article/details/10004443 /* 题意:在i前面找回文子串,在i后面找回文子串相互配对,问有几对 ...
- dp - Google Code jam Qualification Round 2015 --- Problem B. Infinite House of Pancakes
Problem B. Infinite House of Pancakes Problem's Link: https://code.google.com/codejam/contest/6224 ...
- Google Code jam Qualification Round 2015 --- Problem A. Standing Ovation
Problem A. Standing Ovation Problem's Link: https://code.google.com/codejam/contest/6224486/dashbo ...
- Google Code Jam 2009 Qualification Round Problem C. Welcome to Code Jam
本题的 Large dataset 本人尚未解决. https://code.google.com/codejam/contest/90101/dashboard#s=p2 Problem So yo ...
随机推荐
- Springboot ,1开启配置与2.扫描包(控制层,service层)二个注解@EnableAutoConfiguration,@ComponentScan 合并成一个注解@SpringBootApplication
//@EnableAutoConfiguration//@ComponentScan(value= {"com.foen.cloud.controller.*","com ...
- Java WebService服务
其中cxf框架 http://cxf.apache.org/ Apache CXF™: An Open-Source Services Framework Overview Apache CXF™ i ...
- 【转】excel音标乱码
源地址:https://zhidao.baidu.com/question/204553900.html 百度一个音标字体文件,下载后再拷贝到C:\WINDOWS\FONTS目录下面就可以了 下载地址 ...
- django缓存优化(三)
This should give you a feel for how this module operates:: import memcache mc = memcache.Client(['12 ...
- Bing Beats Google for the Best Way to X-Ray Search LinkedIn
Bing Beats Google for the Best Way to X-Ray Search LinkedIn 11/13/11 Note: I’ve provided some update ...
- ruby的DIR.pwd
在ruby 中,以下代码可以获得当前脚本的绝对路径: require 'pathname' puts Pathname.new(__FILE__).realpath 将以上代码保存在test1.rb中 ...
- Oracle 11g修改默认端口1521为其他值
1.修改listener.ora 打开文件D:\app\Administrator\product\11.2.0\dbhome_1\NETWORK\ADMIN\listener.ora,修改PORT ...
- MySQL 安装示例数据库(employee、world、sakila、menagerie 等)
sakila 示例数据库官方资料及安装说明,注意查看示例数据库支持的版本是否匹配你的数据库. 为了测试,有时候需要大量的数据集,MySQL 官方提供了用于测试的示例数据库,下载页面在 这里. 下面以 ...
- 怎么查看keras 或者 tensorflow 正在使用的GPU
查看keras认得到的GPU from keras import backend as K K.tensorflow_backend._get_available_gpus() Out[28]: [' ...
- CVTRES : fatal error CVT1100: duplicate resource
升级某些VC6工程到VS2017,除了目录问题外,就是这个. 解决方法: Properties > Linker > Manifest File 第一项,Generate Manifest ...