CSAW CTF Qualification Round 2018 - shell->code

Original challenge

Linked lists are great! They let you chain pieces of data together.

nc pwn.chal.csaw.io 9005

Link: https://ctftime.org/task/6644

Attachment: (it is the image below that fails to open; download the file and rename it to shellpointcode)

Write-up

First, look at the file's basic information:

$ file shellpointcode 
shellpointcode: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=214cfc4f959e86fe8500f593e60ff2a33b3057ee, not stripped

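It is a 64-bit, dynamically linked Linux binary whose symbol information has not been removed (not stripped).

Next, look at the binary's security mitigations: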

$ checksec shellpointcode
    Arch:     amd64-64-little
    RELRO:    Full RELRO
    Stack:    No canary found
    NX:       NX disabled
    PIE:      PIE enabled
    RWX:      Has RWX segments

The binary has PIE enabled, but the stack has no canary and is executable.
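
The properties read off the checksec output above (PIE, stack canary, executable stack, RWX segments) can be checked directly from the ELF headers when auditing a build. The following is an added example, not part of the original post: elf_mitigations and sample_elf are hypothetical names, the input is a constructed image rather than the challenge binary, and RELRO is not covered.

```python
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551   # program header types
PF_X, PF_W, PF_R = 1, 2, 4              # segment permission bits
ET_DYN = 3                              # e_type of a PIE (and of shared libraries)

def elf_mitigations(data: bytes) -> dict:
    """Report a subset of checksec's fields for a 64-bit little-endian ELF image."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF")
    (_, e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum,
     _, _, _) = struct.unpack_from("<16sHHIQQQIHHHHHH", data, 0)
    # Assumption: a file with no PT_GNU_STACK header is reported as NX disabled,
    # the conservative reading.
    nx, rwx = False, False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)       # executable stack means NX is off
        if p_type in (PT_LOAD, PT_GNU_STACK) and p_flags & PF_W and p_flags & PF_X:
            rwx = True                      # a segment both writable and executable
    return {
        "pie": e_type == ET_DYN,
        "nx": nx,
        "rwx_segments": rwx,
        # Heuristic: binaries built with stack protector reference this symbol by name.
        "canary": b"__stack_chk_fail" in data,
    }

def sample_elf(stack_flags: int, extra: bytes = b"") -> bytes:
    """Constructed test image: ELF64 header, one R+X PT_LOAD, one PT_GNU_STACK."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, ET_DYN, 62, 1,
                       0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    load = struct.pack("<IIQQQQQQ", PT_LOAD, PF_R | PF_X, 0, 0, 0, 176, 176, 0x1000)
    stack = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + load + stack + extra

if __name__ == "__main__":
    # Stack flags R+W+X reproduce the "NX disabled" / "Has RWX segments" findings.
    print("weak    :", elf_mitigations(sample_elf(PF_R | PF_W | PF_X)))
    # Non-executable stack plus a reference to the stack-protector symbol.
    print("hardened:", elf_mitigations(sample_elf(PF_R | PF_W, b"__stack_chk_fail\0")))
```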

Run the program to get a feel for it:

$ ./shellpointcode 
Linked lists are great! 
They let you chain pieces of data together.
 
(15 bytes) Text for node 1:  
AAAA
(15 bytes) Text for node 2: 
BBBB
node1: 
node.next: 0x7fff265da260
node.buffer: AAAA
 
What are your initials?
CCCC
Thanks CCCC
 
Segmentation fault

Disassembly

posted @ 2018-09-27 11:20  Antiver