原题

Linked lists are great! They let you chain pieces of data together.

nc pwn.chal.csaw.io 9005

链接:https://ctftime.org/task/6644

附件:(下面那个打不开的图片就是,请将文件下载下来改名为shellpointcode)

题解

首先看下文件的基本信息:

$ file shellpointcode
shellpointcode: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=214cfc4f959e86fe8500f593e60ff2a33b3057ee, not stripped

一个64位Linux二进制动态链接文件且未去除符号信息(not stripped)。

再看下二进制文件的安全措施:

$ checksec shellpointcode
Arch: amd64-64-little
RELRO: Full RELRO
Stack: No canary found
NX: NX disabled
PIE: PIE enabled
RWX: Has RWX segments

二进制文件开启了PIE但栈空间未开启canary且可执行。

运行程序感受一下:

$ ./shellpointcode
Linked lists are great!
They let you chain pieces of data together. (15 bytes) Text for node 1:
AAAA
(15 bytes) Text for node 2:
BBBB
node1:
node.next: 0x7fff265da260
node.buffer: AAAA What are your initials?
CCCC
Thanks CCCC Segmentation fault

反汇编

CSAW CTF Qualification Round 2018 - shell->code的更多相关文章

  1. [C++]Store Credit——Google Code Jam Qualification Round Africa 2010

    Google Code Jam Qualification Round Africa 2010 的第一题,很简单. Problem You receive a credit C at a local ...

  2. Google Code Jam Africa 2010 Qualification Round Problem B. Reverse Words

    Google Code Jam Africa 2010 Qualification Round Problem B. Reverse Words https://code.google.com/cod ...

  3. Google Code Jam Africa 2010 Qualification Round Problem A. Store Credit

    Google Code Jam Qualification Round Africa 2010 Problem A. Store Credit https://code.google.com/code ...

  4. Facebook Hacker Cup 2014 Qualification Round

    2014 Qualification Round Solutions 2013年11月25日下午 1:34 ...最简单的一题又有bug...自以为是真是很厉害! 1. Square Detector ...

  5. Facebook Hacker Cup 2014 Qualification Round 竞赛试题 Square Detector 解题报告

    Facebook Hacker Cup 2014 Qualification Round比赛Square Detector题的解题报告.单击这里打开题目链接(国内访问需要那个,你懂的). 原题如下: ...

  6. DP VK Cup 2012 Qualification Round D. Palindrome pairs

    题目地址:http://blog.csdn.net/shiyuankongbu/article/details/10004443 /* 题意:在i前面找回文子串,在i后面找回文子串相互配对,问有几对 ...

  7. dp - Google Code jam Qualification Round 2015 --- Problem B. Infinite House of Pancakes

    Problem B. Infinite House of Pancakes Problem's Link:   https://code.google.com/codejam/contest/6224 ...

  8. Google Code jam Qualification Round 2015 --- Problem A. Standing Ovation

    Problem A. Standing Ovation Problem's Link:   https://code.google.com/codejam/contest/6224486/dashbo ...

  9. Google Code Jam 2009 Qualification Round Problem C. Welcome to Code Jam

    本题的 Large dataset 本人尚未解决. https://code.google.com/codejam/contest/90101/dashboard#s=p2 Problem So yo ...

随机推荐

  1. 【java】Split函数踩坑记

    先看一段代码: String line = "openssh|7.1"; String[] pkg = line.split("|"); System.out. ...

  2. 吸$DN

    旧博客:https://blog.csdn.net/gmh77 从几年前开始用CSDN,见证了CSDN是如何一步步走向辣鸡的 广告?ABP 登录看文章?雨我无瓜账号常年不退 分类要慢慢点也可以接受 前 ...

  3. 新建 SecondFragment 实现类

    package com.test.mvp.mvpdemo.mvp.v6.view; import android.os.Bundle;import android.support.annotation ...

  4. Windows 10 Shell命令

    可以在[win+R] run 窗口 和 explorer窗口中使用 在command prompt中使用: C:\Users\a>explorer shell:sendto “ shell:Ac ...

  5. postman使用动态token发post请求小结

    最近使用postman做接口测试,感觉挺好用的. 测试中,每次post请求都要携带一个token,token是通过get请求得来的,动态变化的,并且token有有效期的限制.为了避免重复获取token ...

  6. mariadb(三)查

    -查询基本使用(条件,排序,聚合函数,分组,分页) 1)创建一个表结构然后添加数据 create table baba (id int unsigned not null auto_increment ...

  7. ALDS1_1_3_D Areas on the Cross-Section Diagram 遇见了几个有意思的语法问题

    Your task is to simulate a flood damage. For a given cross-section diagram, reports areas of flooded ...

  8. Autoencoder基本操作及其Tensorflow实现

    最近几个月一直在和几个小伙伴做Deep Learning相关的事情.除了像tensorflow,gpu这些框架或工具之外,最大的收获是思路上的,Neural Network相当富余变化,发挥所想.根据 ...

  9. IIS网站绑定域名

    你新建的网站右键-->编辑绑定-->添加 -->类型:http,IP地址:全部未分配,端口号:80,主机名:你的域名,例如yangche.cn-->确定

  10. Notepad++添加插件Funtion List 支持PHP

    插件下载地址:functionlist插件 配置方法:关闭notepad++; functionlist.dll拷贝到 安装目录/plugins目录下; 下载php.bmp 地址:https://gi ...