Detailed explanation of PWN protection mechanism
Explains and summarizes the protection mechanisms encountered when working on pwn challenges.
Stack Canaries
A well-written reference: PWN Canary learning - sarace - Blog Park (cnblogs.com)
Brief introduction
Stack canaries are named after the canaries used in underground coal mines. They can detect gas leakage faster than miners and so serve as an early warning. When this con ...
Posted by future_man on Mon, 29 Nov 2021 09:08:32 -0800
[pwnable.kr]Toddler's Bottle-[bof]
Open the topic and review it
Nana told me that buffer overflow is one of the most common software vulnerability.
Is that true?
Download : http://pwnable.kr/bin/bof
Download : http://pwnable.kr/bin/bof.c
Running at : nc pwnable.kr 9000
Nana told me that buffer overflow is one of the most common software vulnerabilities.
Int ...
Posted by ghost007 on Fri, 19 Nov 2021 09:42:53 -0800
2021 Hecheng cup pwn part wp
littleof
A ret2libc given for nothing. The first output divulges the canary, and the second output divulges the base address of libc. Along the way, control the return address, then return to the input, and then get a shell (stall)
#!/usr/bin/env python
#coding=utf-8
from pwn import*
sh = remote("182.116.62.85", 27056)
#sh = process('./littleof')
el ...
Posted by JD^ on Sat, 09 Oct 2021 10:51:06 -0700
Tips for writing exp
1. Code alignment
When filling in an address in the exp, pay attention to the length the code is padded to
2. Fill to specified length
3. Connect to the remote server or run the local file
# remote
r = remote('target IP or target URL', port)  # port: target port number
# local
r = process('./filename')
4. Format conversion
The ...
Posted by Johnain on Mon, 20 Sep 2021 16:52:57 -0700