mirror of
https://github.com/nganhkhoa/CTF-All-In-One.git
synced 2024-12-24 19:21:15 +07:00
1.3 KiB
1.3 KiB
6.1.6 pwn DefconCTF2015 fuckup
ret2vdso 原理
在你使用 ldd
命令时,通常会显示出 vDSO,如下:
$ ldd /usr/bin/ls
linux-vdso.so.1 (0x00007ffff7ffa000)
libcap.so.2 => /usr/lib/libcap.so.2 (0x00007ffff79b2000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007ffff75fa000)
/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007ffff7dd8000)
32 位程序则会显示 linux-gate.so.1
,都是一个意思。
题目解析
$ file fuckup
fuckup: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
$ checksec -f fuckup
RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE
No RELRO No canary found NX enabled No PIE No RPATH No RUNPATH No 0 0 fuckup
Exploit
完整的 exp 如下,其他文件放在了github相应文件夹中: