# 6.1.16 pwn HITBGSECCTF2017 1000levels - [题目复现](#题目复现) - [题目解析](#题目解析) - [Exploit](#exploit) - [参考资料](#参考资料) [下载文件](../src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels) ## 题目复现 ``` $ file 1000levels 1000levels: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=d0381dfa29216ed7d765936155bbaa3f9501283a, not stripped $ checksec -f 1000levels RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE Partial RELRO No canary found NX enabled PIE enabled No RPATH No RUNPATH No 0 6 1000levels $ strings libc.so.6 | grep -i ubuntu GNU C Library (Ubuntu GLIBC 2.23-0ubuntu9) stable release version 2.23, by Roland McGrath et al. ``` ## 题目解析 ## Exploit ## 参考资料 - https://ctftime.org/task/4539