攻防世界pwn新手区

PWN

Word count: 86 | Reading time≈ 1 min

简介

web学不下去了

ida打开附件，查看main函数

如果if条件满足，可以执行函数得到flag

栈溢出，通过read函数读unk变量覆盖dword变量

所以脚本如下，四个字节是unk覆盖是p64，decode是为了不报错

执行结果

得到flag

Copyright： Copyright is owned by the author. For commercial reprints, please contact the author for authorization. For non-commercial reprints, please indicate the source.