# 6.1.17 pwn SECCONCTF2016 jmper - [题目复现](#题目复现) - [题目解析](#题目解析) - [Exploit](#exploit) - [参考资料](#参考资料) [下载文件](../src/writeup/6.1.17_pwn_secconctf2016_jmper) ## 题目复现 ``` $ file jmper jmper: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=9fce8ae11b21c03bf2aade96e1d763be668848fa, not stripped $ checksec -f jmper RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE Full RELRO No canary found NX enabled No PIE No RPATH No RUNPATH No 0 4 jmper $ strings libc-2.19.so | grep "GNU C" GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.9) stable release version 2.19, by Roland McGrath et al. Compiled by GNU CC version 4.8.4. ``` 64 位动态链接程序,但 Full RELRO 表示我们不能修改 GOT 表,然后还开启了 NX。 ## 题目解析 ## Exploit ## 参考资料 - https://ctftime.org/task/3169