Commit

complete some excerpt
RocketMaDev committed Sep 11, 2024
1 parent d29d12d commit 2b9628e
Showing 3 changed files with 8 additions and 2 deletions.
7 changes: 5 additions & 2 deletions source/_posts/ciscn2024/gostack.md
@@ -1,7 +1,7 @@
---
title: ciscn2024 - gostack
date: 2024/5/23 00:47:00
updated: 2024/7/25 12:34:56
updated: 2024/9/11 23:35:00
tags:
- go
- rop
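Review bot: The new `updated: 2024/9/11 23:35:00` value in the front matter keeps the unpadded month that `date: 2024/5/23 00:47:00` already uses, while the other two posts touched by this commit write zero-padded dates such as `2024/09/11 23:05:00`. Consider `2024/09/11 23:35:00` here (and `2024/05/23` for `date`) so all posts use one format and compare consistently as text.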
Expand Down Expand Up @@ -38,7 +38,6 @@ excerpt: 通过栈溢出控制返回地址,利用Go程序的漏洞成功执行
网上很多wp写rop的链子,很怪,程序不是提供了后门吗。。直接把返回地址修改成`&main.main.func2`
就可以任意执行一个shell命令,输入`cat flag`就可以获得flag

![success](/assets/ciscn2024/success.png)
## EXPLOIT

```python
Expand All @@ -62,3 +61,7 @@ def payload(lo:int):

sh.interactive()
```

{% note default fa-flag %}
![success](/assets/ciscn2024/success.png)
{% endnote %}
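Review bot: In the added `{% note default fa-flag %}` block at the end of the file, the screenshot now sits after `sh.interactive()`, far from the sentence about entering `cat flag` that it used to follow, and its alt text is still just `success`. Consider a descriptive alt text or a one-line caption inside the note saying that the image shows the flag being read through the `main.main.func2` backdoor, so the image still makes sense on its own at the bottom of the post.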
1 change: 1 addition & 0 deletions source/_posts/dasxmarek2024/alphacode.md
Expand Up @@ -2,6 +2,7 @@
title: DASCTF2024八月开学季 - alphacode
date: 2024/09/05 00:12:00
updated: 2024/09/11 23:05:00
excerpt: 使用`sendfile`系统调用,通过异或解码与`imul`绕过 shellcode 字符限制,逐字节输出flag。
tags:
- shellcode
---
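Review bot: The front matter gains an `excerpt:` line but `updated: 2024/09/11 23:05:00` is left untouched, whereas gostack.md has its `updated` field bumped to 23:35:00 in this same commit. If `updated` is meant to track content edits, bump it here too; if excerpt-only changes are not supposed to count, the gostack.md bump should be explained. The excerpt also relies on backticks around `sendfile` and `imul`, so it is worth checking that the theme renders excerpts as Markdown rather than printing the backticks literally.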
2 changes: 2 additions & 0 deletions source/_posts/dasxmarek2024/clock.md
Expand Up @@ -2,8 +2,10 @@
title: DASCTF2024八月开学季 - clock
date: 2024/09/05 00:15:00
updated: 2024/09/13 19:49:00
excerpt: 通过`vsnprintf`格式化漏洞,利用`%*c%6$lln`覆盖`puts@got`为堆地址,执行自定义shellcode。
tags:
- fmt-string
- tricks
---

{% note green fa-heart %}
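Review bot: The added `excerpt:` line is an unquoted YAML scalar that contains `%*c%6$lln` and `puts@got`. It parses today only because none of those indicator characters start the value, so wrapping the whole excerpt in single quotes would keep it safe if the text is ever reordered. Two smaller points: the new `- tricks` tag is not covered by the commit message "complete some excerpt", and the unchanged `updated: 2024/09/13 19:49:00` is later than the Sep 11, 2024 commit date shown for this change, which is worth confirming as intentional.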