御网杯2025
Canary复盘/ret2text/canary/伪随机数题目源码如下 123456__int64 __fastcall main(__int64 a1, char **a2, char **a3){ sub_401296(); sub_4013C7(); return 0LL;} 两个函数分别如下 12345678910111213141516171819void sub_401296(){ int v0; // eax int fd; // [rsp+Ch] [rbp-4h] setbuf(stdin, 0LL); setbuf(stdout, 0LL); setbuf(stderr, 0LL); fd = open("/dev/urandom", 0); if ( fd == -1 ) { printf("can't open /dev/urandom"); exit(-1); } read(fd,...
XYCTF2025
Ret2libc’s Revenge复现/ret2libc/全缓冲源码如下 12345678910111213141516171819202122232425262728293031323334353637int __fastcall main(int argc, const char **argv, const char **envp){ init(argc, argv, envp); puts("Ret2libc's Revenge"); revenge(); return 0;}__int64 init(){ setvbuf(stdin, 0LL, 2, 0LL); setvbuf(stdout, 0LL, 0, 0LL); setvbuf(stderr, 0LL, 0, 0LL); return 0LL;}__int64 revenge(){ int v0; // eax char v2[528]; // [rsp+0h] [rbp-220h] ...
TGCTF2025
签到ret2libc简单的retlibc,源码如下 123456789101112131415int __fastcall main(int argc, const char **argv, const char **envp){ char v4[112]; // [rsp+0h] [rbp-70h] BYREF setbuf(stdin, 0LL); setbuf(_bss_start, 0LL); setbuf(stderr, 0LL); puts( "As a student who has been learning pwn for half a year\n" "basic ROP is an essential skill that everyone should master. \n" "Therefore, hurry up and complete the check-in. \n" "Welcome to the Hangzhou Normal...
WHUCTF2025
repeater_handout复盘/ret2libc题目源码 1234567891011121314151617181920212223242526272829__int64 __fastcall main(int a1, char **a2, char **a3){ int v4; // [rsp+Ch] [rbp-24h] BYREF char buf[24]; // [rsp+10h] [rbp-20h] BYREF unsigned __int64 v6; // [rsp+28h] [rbp-8h] v6 = __readfsqword(0x28u); setvbuf(stdin, 0LL, 2, 0LL); setvbuf(stdout, 0LL, 2, 0LL); setvbuf(stderr, 0LL, 2, 0LL); puts( "When Siesta was chatting with Rin-chan, he was so engrossed that he couldn't hear...