Vulnhub之Foxholes靶机详细解题过程
作者: jason_huawen
靶机基本信息
名称:FoxHole: 1.0.1
地址:https://www.vulnhub.com/entry/foxhole-101,566/
识别目标主机IP地址
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ sudo netdiscover -i eth1
Currently scanning: 192.168.62.0/16 | Screen View: Unique Hosts
3 Captured ARP Req/Rep packets, from 3 hosts. Total size: 180
_____________________________________________________________________________
IP At MAC Address Count Len MAC Vendor / Hostname
-----------------------------------------------------------------------------
192.168.56.1 0a:00:27:00:00:0a 1 60 Unknown vendor
192.168.56.100 08:00:27:5a:b6:37 1 60 PCS Systemtechnik GmbH
192.168.56.199 08:00:27:7b:ef:39 1 60 PCS Systemtechnik GmbH
利用Kali Linux自带的netdiscover工具识别目标主机的IP地址为192.168.56.199
NMAP扫描
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ sudo nmap -sS -sV -sC -p- 192.168.56.199 -oN nmap_full_scan
Starting Nmap 7.92 ( https://nmap.org ) at 2022-11-20 22:00 EST
Nmap scan report for bogon (192.168.56.199)
Host is up (0.000066s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 15:de:6d:52:fd:1e:66:db:12:60:bf:b9:bb:fa:83:07 (RSA)
| 256 18:4c:0a:6f:cc:77:c3:30:ad:8c:c5:0a:74:e0:7c:79 (ECDSA)
|_ 256 23:37:4f:55:2b:13:c5:46:a0:3a:24:e2:95:da:8d:27 (ED25519)
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Photosen — Colorlib Website Template
|_http-server-header: Apache/2.4.41 (Ubuntu)
MAC Address: 08:00:27:7B:EF:39 (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.43 seconds
NMAP扫描结果表明目标主机有2个开放端口22(SSH)、80(HTTP)
Get Access
浏览80端口,返回是一个照片网站。
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ curl http://192.168.56.199/robots.txt
/secret.html
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ curl http://192.168.56.199/secret.html
<!DOCTYPE html>
<html lang="en">
<body>
<center>
<img src="images/x.png">
<h1> Jebaited </h1>
<br>
<a> There IS a hint <i>somewhere</i> though, keep looking ;3
</center>
</body>
里面有一张图片,下载到本地:
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ wget http://192.168.56.199/images/x.png
--2022-11-20 22:06:18-- http://192.168.56.199/images/x.png
Connecting to 192.168.56.199:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 25995 (25K) [image/png]
Saving to: ‘x.png’
x.png 100%[================================================================================================================================>] 25.39K --.-KB/s in 0s
2022-11-20 22:06:18 (723 MB/s) - ‘x.png’ saved [25995/25995]
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ nikto -h http://192.168.56.199
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 192.168.56.199
+ Target Hostname: 192.168.56.199
+ Target Port: 80
+ Start Time: 2022-11-20 22:07:37 (GMT-5)
---------------------------------------------------------------------------
+ Server: Apache/2.4.41 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server may leak inodes via ETags, header found with file /, inode: 23af, size: 5aee8ce5af43c, mtime: gzip
+ Allowed HTTP Methods: OPTIONS, HEAD, GET, POST
+ OSVDB-3092: /admin.html: This might be interesting...
+ OSVDB-3268: /css/: Directory indexing found.
+ OSVDB-3092: /css/: This might be interesting...
+ OSVDB-3092: /readme.txt: This might be interesting...
+ OSVDB-3268: /images/: Directory indexing found.
+ 9535 requests: 0 error(s) and 10 item(s) reported on remote host
+ End Time: 2022-11-20 22:07:54 (GMT-5) (17 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
*********************************************************************
Portions of the server's headers (Apache/2.4.41) are not in
the Nikto 2.1.6 database or are newer than the known string. Would you like
to submit this information (*no server specific data*) to CIRT.net
for a Nikto update (or you may email to sullo@cirt.net) (y/n)?
发现了/admin.html页面
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ curl http://192.168.56.199/admin.html
<!DOCTYPE html>
<html lang="en">
<body>
<center>
<img src="images/smug.png">
<h1> Try harder~ There's no admin panel here~ </h1>
<
<a> Maybe take a nice *deep* look at that one purple fox picture? I dunno. </a>
</center>
</body>
作者提示:紫色的狐狸图片?
/images目录下确实看到了一张purple的狐狸图片,将其下载到Kali Linux本地
但是有啥,回过头去,查看/images目录有什么图片,发现我刚才遗漏了一张,文件名是foxy1.jpeg,也是狐狸,将其下载到本地
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ wget http://192.168.56.199/images/foxy1.jpeg
--2022-11-20 22:19:27-- http://192.168.56.199/images/foxy1.jpeg
Connecting to 192.168.56.199:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 101229 (99K) [image/jpeg]
Saving to: ‘foxy1.jpeg’
foxy1.jpeg 100%[================================================================================================================================>] 98.86K --.-KB/s in 0.001s
2022-11-20 22:19:27 (99.0 MB/s) - ‘foxy1.jpeg’ saved [101229/101229]
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ ls
foxy1.jpeg foxy.jpeg nmap_full_scan x.png
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ steghide extract -sf foxy1.jpeg
Enter passphrase:
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ stegseek foxy1.jpeg -wl /usr/share/wordlists/rockyou.txt
StegSeek 0.6 - https://github.com/RickdeJager/StegSeek
[i] Found passphrase: ""
[i] Original filename: "msg.txt".
[i] Extracting to "foxy1.jpeg.out".
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ ls
foxy1.jpeg foxy1.jpeg.out foxy.jpeg nmap_full_scan x.png
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ cat foxy1.jpeg.out
WTB1M3NjYXAzZFRoM0YweEgwbGUhClVzZXJuYW1lIGlzIGZveCA7Mw==
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ echo "WTB1M3NjYXAzZFRoM0YweEgwbGUhClVzZXJuYW1lIGlzIGZveCA7Mw==" | base64 -d
Y0u3scap3dTh3F0xH0le!
Username is fox ;3
这会不是ssh用户名和密码,试一试
┌──(kali㉿kali)-[~/Vulnhub/Foxholes]
└─$ ssh fox@192.168.56.199
The authenticity of host '192.168.56.199 (192.168.56.199)' can't be established.
ED25519 key fingerprint is SHA256:Rm2f273lnPEJLx3YgNDWBN20k3xpMgYGce2VnFNjMEQ.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.56.199' (ED25519) to the list of known hosts.
fox@192.168.56.199's password:
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-47-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
304 updates can be installed immediately.
112 of these updates are security updates.
To see these additional updates run: apt list --upgradable
The list of available updates is more than a week old.
To check for new updates run: sudo apt update
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
Your Hardware Enablement Stack (HWE) is supported until April 2025.
Last login: Thu Sep 10 14:05:53 2020
fox@FoxHole:~$ id
uid=1000(fox) gid=1000(fox) groups=1000(fox),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),120(lpadmin),131(lxd),132(sambashare)
成功登录SSH
fox@FoxHole:/home$ cd fox
fox@FoxHole:~$ ls -alh
total 104K
drwxr-xr-x 17 fox fox 4.0K Sep 9 2020 .
drwxr-xr-x 3 root root 4.0K Sep 9 2020 ..
lrwxrwxrwx 1 fox fox 9 Sep 9 2020 .bash_history -> /dev/null
-rw-r--r-- 1 fox fox 220 Sep 9 2020 .bash_logout
-rw-r--r-- 1 fox fox 3.7K Sep 9 2020 .bashrc
drwx------ 13 fox fox 4.0K Sep 9 2020 .cache
drwxr-xr-x 13 fox fox 4.0K Sep 9 2020 .config
drwxr-xr-x 2 fox fox 4.0K Sep 9 2020 Desktop
drwxr-xr-x 2 fox fox 4.0K Sep 9 2020 Documents
drwxr-xr-x 4 fox fox 4.0K Sep 9 2020 Downloads
-rw------- 1 fox fox 797 Sep 9 2020 .gdb_history
-rw-rw-r-- 1 fox fox 22 Sep 9 2020 .gdbinit
-rwsrwxr-x 1 root root 16K Sep 9 2020 GiveMeRootPlz
drwx------ 3 fox fox 4.0K Nov 21 03:25 .gnupg
drwxr-xr-x 3 fox fox 4.0K Sep 9 2020 .local
drwx------ 5 fox fox 4.0K Sep 9 2020 .mozilla
drwxr-xr-x 2 fox fox 4.0K Sep 9 2020 Music
drwxrwxr-x 4 fox fox 4.0K Sep 9 2020 peda
drwxr-xr-x 2 fox fox 4.0K Sep 9 2020 Pictures
-rw-r--r-- 1 fox fox 807 Sep 9 2020 .profile
drwxr-xr-x 2 fox fox 4.0K Sep 9 2020 Public
drwx------ 2 fox fox 4.0K Sep 9 2020 .ssh
-rw-r--r-- 1 fox fox 0 Sep 9 2020 .sudo_as_admin_successful
drwxr-xr-x 2 fox fox 4.0K Sep 9 2020 Templates
drwxr-xr-x 2 fox fox 4.0K Sep 9 2020 Videos
fox@FoxHole:~$ ./GiveMeRootPlz
Do you want the root password?yes
You didn't convince me!
Maybe you should write me a *very long* reason why I should give you the password
这个GiveMeRootPlz很可以,将其下载到Kali Linux本地分析
Do you want the root password?yes
You didn't convince me!
Maybe you should write me a *very long* reason why I should give you the password
fox@FoxHole:~$ ./GiveMeRootPlz
是不是有缓冲区溢出漏洞?
fox@FoxHole:~$ ./GiveMeRootPlz
Do you want the root password?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Segmentation fault (core dumped)
可以看到确实存在缓冲区溢出漏洞,那么如何利用呢?
太复杂了,暂时放弃对缓冲区溢出漏洞的利用。
STRIVE FOR PROGRESS,NOT FOR PERFECTION
