随笔分类 -  ret2libc3合集

[HarekazeCTF2019]baby_rop2
摘要:# [HarekazeCTF2019]baby_rop2 64位的ret2libc3 ## 0x01 ![image-20230808095301880](https://raw.githubusercontent.com/lmarch2/images/main/typora/20230808095 阅读全文
posted @ 2023-08-08 13:07 lmarch2 阅读(151) 评论(0) 推荐(0)
bjdctf_2020_babyrop
摘要:# bjdctf_2020_babyrop ## 0x01 注意这题位64位。32位和64位传参有区别 ![image-20230807231036816](https://raw.githubusercontent.com/lmarch2/images/main/typora/2023080723 阅读全文
posted @ 2023-08-08 13:07 lmarch2 阅读(79) 评论(0) 推荐(0)
pwn2_sctf_2016
摘要:# pwn2_sctf_2016 ## 0x01 32位开NX泄露libc ![image-20230808104509112](https://raw.githubusercontent.com/lmarch2/images/main/typora/202308081045150.png) 注意g 阅读全文
posted @ 2023-08-08 13:05 lmarch2 阅读(152) 评论(0) 推荐(0)
ret2libc3
摘要:# ret2libc3 ctf-wiki ret2libc3 考点:栈溢出rop ### 0x01 file checksec —— 32-bit 开NX ![](https://raw.githubusercontent.com/lmarch2/images/main/typora/2023080 阅读全文
posted @ 2023-08-08 12:55 lmarch2 阅读(170) 评论(0) 推荐(0)
铁人三项(第五赛区)_2018_rop
摘要:# 铁人三项(第五赛区)_2018_rop 经典ret2libc3 ![image-20230807225923356](https://raw.githubusercontent.com/lmarch2/images/main/typora/202308072259415.png) exp ``` 阅读全文
posted @ 2023-08-08 12:49 lmarch2 阅读(33) 评论(0) 推荐(0)
[OGeek2019]babyrop
摘要:# [OGeek2019]babyrop ## 0x01 64位程序,开启NX 没有system函数和/bin/sh字符串 ## 0x02 分析程序: main函数中,先读取一个随机数到fd,并作为参数传入sub_804871F函数,再将sub_804871F函数的返回值作为参数传入sub_8048 阅读全文
posted @ 2023-08-07 21:37 lmarch2 阅读(58) 评论(0) 推荐(0)
ciscn_2019_c_1
摘要:# ciscn_2019_c_1 ### 0x01 简单的ret2libc3 file checksec —— 64-bit 开NX ### 0x02 运行一下看看 ![](https://raw.githubusercontent.com/lmarch2/images/main/typora/20 阅读全文
posted @ 2023-08-07 19:21 lmarch2 阅读(41) 评论(0) 推荐(0)