ret2libc
| ID: | 2064 |
|---|---|
| 标题: | ret2libc |
| 描述: | Notes: Sending exactly 80 bytes + new line(which gets will replace with a null byte) will result in a null byte written in the least significant byte of the saved ECX value on stack. Include a rop chain in the 80 bytes. To increase success rate, use a ret slide with a short rop chain. You have a chance for the stack pivoting at the end of the main function to land on your payload & you execute a ROP chain. |
| 类型: | PWN |
| 网站: | bugku |
| 题目链接: | https://ctf.bugku.com/challenges/detail/id/2211.html |
| 赛事: | SecurinetsQualsCTF2023 |
| 年度: | 2023 |
| Flag值: | 无 |
| writeup: | https://www.cnblogs.com/JmpCliff/articles/17611169.html |