当前位置：首页 > news >正文

小程序微网站做怎样的网站能赚钱

news 2026/4/21 9:58:02

小程序微网站,做怎样的网站能赚钱,北京网站优化策略,wordpress代码缩进通过网盘分享的文件#xff1a;如果能重来.zip 链接: https://pan.baidu.com/s/1XKIJx32nWVcSpKiWFQGpYA?pwd1111 提取码: 1111 --来自百度网盘超级会员v2的分享漏洞分析格式化字符串漏洞,在printf(format); __int64 sub_13D7() {char format[56]; // [rsp10h] [rbp-40h]…通过网盘分享的文件如果能重来.zip 链接: https://pan.baidu.com/s/1XKIJx32nWVcSpKiWFQGpYA?pwd1111 提取码: 1111 --来自百度网盘超级会员v2的分享漏洞分析格式化字符串漏洞,在printf(format); __int64 sub_13D7() {char format[56]; // [rsp10h] [rbp-40h] BYREFunsigned __int64 v2; // [rsp48h] [rbp-8h]v2 __readfsqword(0x28u);printf(Please input your name: );if ( (int)sub_1247(format, 55LL) 0 ){if ( dword_404C ){printf(format);--dword_404C;puts(There will be a gift for you here . . .);}else{puts(0.o? );}return 0LL;}else{puts(Error reading name.);return 0xFFFFFFFFLL;} }确定参数偏移 ❯ gdb pwn GNU gdb (Ubuntu 12.1-0ubuntu1~22.04.2) 12.1 Copyright (C) 2022 Free Software Foundation, Inc. License GPLv3: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type show copying and show warranty for details. This GDB was configured as x86_64-linux-gnu. Type show configuration for configuration details. For bug reporting instructions, please see: https://www.gnu.org/software/gdb/bugs/. Find the GDB manual and other documentation resources online at:http://www.gnu.org/software/gdb/documentation/.For help, type help. Type apropos word to search for commands related to word... startpwndbg: loaded 165 pwndbg commands and 46 shell commands. Type pwndbg [--shell | --all] [filter] for a list. pwndbg: created $rebase, $base, $bn_sym, $bn_var, $bn_eval, $ida GDB functions (can be used with print/break) Reading symbols from pwn... (No debugging symbols found in pwn) ------- tip of the day (disable with set show-tips off) ------- If you want Pwndbg to clear screen on each command (but still save previous output in history) use set context-clear-screen on pwndbg start Temporary breakpoint 1 at 0x5555555550e0Temporary breakpoint 1, 0x00005555555550e0 in ?? () LEGEND: STACK | HEAP | CODE | DATA | WX | RODATA ───────────────────────────────────────[ REGISTERS / show-flags off / show-compact-regs off ]───────────────────────────────────────RAX 0x1cRBX 0RCX 0x7fffffffc478 —▸ 0x7fffffffc82b ◂— SYSTEMD_EXEC_PID1816RDX 0x7ffff7fe0d60 ◂— endbr64 RDI 0x7ffff7ffe190 —▸ 0x555555554000 ◂— 0x10102464c457fRSI 0x7ffff7ffe730 ◂— 0R8 0R9 2R10 0xfR11 0R12 0x5555555550e0 ◂— endbr64 R13 0x7fffffffc460 ◂— 1R14 0R15 0RBP 0RSP 0x7fffffffc460 ◂— 1RIP 0x5555555550e0 ◂— endbr64 ────────────────────────────────────────────────[ DISASM / x86-64 / set emulate on ]────────────────────────────────────────────────► 0x5555555550e0 endbr64 0x5555555550e4 xor ebp, ebp EBP 00x5555555550e6 mov r9, rdx R9 0x7ffff7fe0d60 ◂— endbr64 0x5555555550e9 pop rsi RSI 10x5555555550ea mov rdx, rsp RDX 0x7fffffffc468 —▸ 0x7fffffffc80b ◂— /home/a5rz/Desktop/pwn/file/pwn0x5555555550ed and rsp, 0xfffffffffffffff0 RSP 0x7fffffffc460 (0x7fffffffc468 -0x10)0x5555555550f1 push rax0x5555555550f2 push rsp0x5555555550f3 lea r8, [rip 0x426] R8 0x555555555520 ◂— endbr64 0x5555555550fa lea rcx, [rip 0x3af] RCX 0x5555555554b0 ◂— endbr64 0x555555555101 lea rdi, [rip 0x385] RDI 0x55555555548d ◂— endbr64 ─────────────────────────────────────────────────────────────[ STACK ]────────────────────────────────────────────────────────────── 00:0000│ r13 rsp 0x7fffffffc460 ◂— 1 01:0008│ 0x7fffffffc468 —▸ 0x7fffffffc80b ◂— /home/a5rz/Desktop/pwn/file/pwn 02:0010│ 0x7fffffffc470 ◂— 0 03:0018│ rcx 0x7fffffffc478 —▸ 0x7fffffffc82b ◂— SYSTEMD_EXEC_PID1816 04:0020│ 0x7fffffffc480 —▸ 0x7fffffffc841 ◂— SSH_AUTH_SOCK/run/user/1000/keyring/ssh 05:0028│ 0x7fffffffc488 —▸ 0x7fffffffc86a ◂— SESSION_MANAGERlocal/ubuntu:/tmp/.ICE-unix/1816,unix/ubuntu:/tmp/.ICE-unix/1816 06:0030│ 0x7fffffffc490 —▸ 0x7fffffffc8bc ◂— PAPERSIZEa4 07:0038│ 0x7fffffffc498 —▸ 0x7fffffffc8c9 ◂— GNOME_TERMINAL_SCREEN/org/gnome/Terminal/screen/aab6f309_847c_4363_b37f_36574de33f67 ───────────────────────────────────────────────────────────[ BACKTRACE ]────────────────────────────────────────────────────────────► 0 0x5555555550e01 0x12 0x7fffffffc80b3 0x0 ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── pwndbg b *$rebase(0x1444) Breakpoint 2 at 0x555555555401 pwndbg run Starting program: /home/a5rz/Desktop/pwn/file/pwnPlease input your name: aaaaaaaa%p%p%p%p%p%p%p%p%p%p%p%pBreakpoint 2, 0x0000555555555444 in ?? () LEGEND: STACK | HEAP | CODE | DATA | WX | RODATA ───────────────────────────────────────[ REGISTERS / show-flags off / show-compact-regs off ]───────────────────────────────────────RAX 0RBX 0x5555555554b0 ◂— endbr64 RCX 0RDX 1RDI 0x7fffffffc2e0 ◂— aaaaaaaa%p%p%p%p%p%p%p%p%p%p%p%pSomething strange hereRSI 0x7fffffffc2af ◂— 0x1000000200a /* \n */R8 0x18R9 0x18R10 0x555555556008 ◂— Please input your name: R11 0x246R12 0x5555555550e0 ◂— endbr64 R13 0x7fffffffc460 ◂— 1R14 0R15 0RBP 0x7fffffffc320 —▸ 0x7fffffffc360 —▸ 0x7fffffffc370 ◂— 0RSP 0x7fffffffc2d0 ◂— 0RIP 0x555555555444 ◂— call 0x5555555550b0 ────────────────────────────────────────────────[ DISASM / x86-64 / set emulate on ]────────────────────────────────────────────────► 0x555555555444 call printfplt printfpltformat: 0x7fffffffc2e0 ◂— aaaaaaaa%p%p%p%p%p%p%p%p%p%p%p%pSomething strange herevararg: 0x7fffffffc2af ◂— 0x1000000200a /* \n */0x555555555449 mov eax, dword ptr [rip 0x2bfd] EAX, [0x55555555804c]0x55555555544f sub eax, 10x555555555452 mov dword ptr [rip 0x2bf4], eax0x555555555458 lea rdi, [rip 0xbd9] RDI 0x555555556038 ◂— There will be a gift for you here . . .0x55555555545f call putsplt putsplt0x555555555464 jmp 0x555555555472 0x555555555472↓0x555555555472 mov eax, 0 EAX 00x555555555477 mov rdx, qword ptr [rbp - 8]0x55555555547b xor rdx, qword ptr fs:[0x28]0x555555555484 je 0x55555555548b 0x55555555548b ─────────────────────────────────────────────────────────────[ STACK ]────────────────────────────────────────────────────────────── 00:0000│ rsp 0x7fffffffc2d0 ◂— 0 01:0008│-048 0x7fffffffc2d8 ◂— 0xf7fc37d0f7fc25c0 02:0010│ rdi 0x7fffffffc2e0 ◂— aaaaaaaa%p%p%p%p%p%p%p%p%p%p%p%pSomething strange here 03:0018│-038 0x7fffffffc2e8 ◂— %p%p%p%p%p%p%p%p%p%p%p%pSomething strange here ... ↓ 2 skipped 06:0030│-020 0x7fffffffc300 ◂— Something strange here 07:0038│-018 0x7fffffffc308 ◂— g strange here ───────────────────────────────────────────────────────────[ BACKTRACE ]────────────────────────────────────────────────────────────► 0 0x5555555554441 0x5555555553bc2 0x5555555554a93 0x7ffff7df9083 __libc_start_main2434 0x55555555510e ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── pwndbg stack 90 00:0000│ rsp 0x7fffffffc2d0 ◂— 0 01:0008│-048 0x7fffffffc2d8 ◂— 0xf7fc37d0f7fc25c0 02:0010│ rdi 0x7fffffffc2e0 ◂— aaaaaaaa%p%p%p%p%p%p%p%p%p%p%p%pSomething strange here 03:0018│-038 0x7fffffffc2e8 ◂— %p%p%p%p%p%p%p%p%p%p%p%pSomething strange here ... ↓ 2 skipped 06:0030│-020 0x7fffffffc300 ◂— Something strange here 07:0038│-018 0x7fffffffc308 ◂— g strange here 08:0040│-010 0x7fffffffc310 ◂— 0x657265682065 /* e here */ 09:0048│-008 0x7fffffffc318 ◂— 0x4d8fe1de9078d800 0a:0050│ rbp 0x7fffffffc320 —▸ 0x7fffffffc360 —▸ 0x7fffffffc370 ◂— 0 0b:0058│008 0x7fffffffc328 —▸ 0x5555555553bc ◂— mov eax, 0 0c:0060│010 0x7fffffffc330 ◂— welcome to WuCup ! 0d:0068│018 0x7fffffffc338 ◂— to WuCup ! 0e:0070│020 0x7fffffffc340 ◂— 0x555555002120 /* ! */ 0f:0078│028 0x7fffffffc348 —▸ 0x7fffffffc460 ◂— 1 10:0080│030 0x7fffffffc350 ◂— 0 11:0088│038 0x7fffffffc358 ◂— 0x4d8fe1de9078d800 12:0090│040 0x7fffffffc360 —▸ 0x7fffffffc370 ◂— 0 13:0098│048 0x7fffffffc368 —▸ 0x5555555554a9 ◂— mov eax, 0 14:00a0│050 0x7fffffffc370 ◂— 0 15:00a8│058 0x7fffffffc378 —▸ 0x7ffff7df9083 (__libc_start_main243) ◂— mov edi, eax 16:00b0│060 0x7fffffffc380 —▸ 0x7ffff7ffc620 (_rtld_global_ro) ◂— 0x50fa700000000 17:00b8│068 0x7fffffffc388 —▸ 0x7fffffffc468 —▸ 0x7fffffffc80b ◂— /home/a5rz/Desktop/pwn/file/pwn 18:00c0│070 0x7fffffffc390 ◂— 0x100000000 19:00c8│078 0x7fffffffc398 —▸ 0x55555555548d ◂— endbr64 1a:00d0│080 0x7fffffffc3a0 —▸ 0x5555555554b0 ◂— endbr64 1b:00d8│088 0x7fffffffc3a8 ◂— 0xb19ed39ac14d0a56 1c:00e0│090 0x7fffffffc3b0 —▸ 0x5555555550e0 ◂— endbr64 1d:00e8│098 0x7fffffffc3b8 —▸ 0x7fffffffc460 ◂— 1 1e:00f0│0a0 0x7fffffffc3c0 ◂— 0 1f:00f8│0a8 0x7fffffffc3c8 ◂— 0 20:0100│0b0 0x7fffffffc3d0 ◂— 0x4e612c65464d0a56 (V\nMFe,aN) 21:0108│0b8 0x7fffffffc3d8 ◂— 0x4e613c25e1230a56 22:0110│0c0 0x7fffffffc3e0 ◂— 0 ... ↓ 2 skipped 25:0128│0d8 0x7fffffffc3f8 ◂— 1 26:0130│0e0 0x7fffffffc400 —▸ 0x7fffffffc468 —▸ 0x7fffffffc80b ◂— /home/a5rz/Desktop/pwn/file/pwn 27:0138│0e8 0x7fffffffc408 —▸ 0x7fffffffc478 —▸ 0x7fffffffc82b ◂— SYSTEMD_EXEC_PID1816 28:0140│0f0 0x7fffffffc410 —▸ 0x7ffff7ffe190 —▸ 0x555555554000 ◂— 0x10102464c457f 29:0148│0f8 0x7fffffffc418 ◂— 0 2a:0150│100 0x7fffffffc420 ◂— 0 2b:0158│108 0x7fffffffc428 —▸ 0x5555555550e0 ◂— endbr64 2c:0160│110 0x7fffffffc430 —▸ 0x7fffffffc460 ◂— 1 2d:0168│118 0x7fffffffc438 ◂— 0 2e:0170│120 0x7fffffffc440 ◂— 0 2f:0178│128 0x7fffffffc448 —▸ 0x55555555510e ◂— hlt 30:0180│130 0x7fffffffc450 —▸ 0x7fffffffc458 ◂— 0x1c 31:0188│138 0x7fffffffc458 ◂— 0x1c 32:0190│ r13 0x7fffffffc460 ◂— 1 33:0198│148 0x7fffffffc468 —▸ 0x7fffffffc80b ◂— /home/a5rz/Desktop/pwn/file/pwn 34:01a0│150 0x7fffffffc470 ◂— 0 35:01a8│158 0x7fffffffc478 —▸ 0x7fffffffc82b ◂— SYSTEMD_EXEC_PID1816 36:01b0│160 0x7fffffffc480 —▸ 0x7fffffffc841 ◂— SSH_AUTH_SOCK/run/user/1000/keyring/ssh 37:01b8│168 0x7fffffffc488 —▸ 0x7fffffffc86a ◂— SESSION_MANAGERlocal/ubuntu:/tmp/.ICE-unix/1816,unix/ubuntu:/tmp/.ICE-unix/1816 38:01c0│170 0x7fffffffc490 —▸ 0x7fffffffc8bc ◂— PAPERSIZEa4 39:01c8│178 0x7fffffffc498 —▸ 0x7fffffffc8c9 ◂— GNOME_TERMINAL_SCREEN/org/gnome/Terminal/screen/aab6f309_847c_4363_b37f_36574de33f67 3a:01d0│180 0x7fffffffc4a0 —▸ 0x7fffffffc91f ◂— LANGUAGEzh_CN:en_GB:en 3b:01d8│188 0x7fffffffc4a8 —▸ 0x7fffffffc937 ◂— LANGzh_CN.UTF-8 3c:01e0│190 0x7fffffffc4b0 —▸ 0x7fffffffc948 ◂— WAYLAND_DISPLAYwayland-0 3d:01e8│198 0x7fffffffc4b8 —▸ 0x7fffffffc962 ◂— LC_IDENTIFICATIONzh_CN.UTF-8 3e:01f0│1a0 0x7fffffffc4c0 —▸ 0x7fffffffc980 ◂— XDG_SESSION_CLASSuser 3f:01f8│1a8 0x7fffffffc4c8 —▸ 0x7fffffffc997 ◂— XDG_CURRENT_DESKTOPubuntu:GNOME 40:0200│1b0 0x7fffffffc4d0 —▸ 0x7fffffffc9b8 ◂— PWD/home/a5rz/Desktop/pwn/file 41:0208│1b8 0x7fffffffc4d8 —▸ 0x7fffffffc9d8 ◂— QT_IM_MODULEibus 42:0210│1c0 0x7fffffffc4e0 —▸ 0x7fffffffc9ea ◂— USERa5rz 43:0218│1c8 0x7fffffffc4e8 —▸ 0x7fffffffc9f4 ◂— DESKTOP_SESSIONubuntu 44:0220│1d0 0x7fffffffc4f0 —▸ 0x7fffffffca0b ◂— XDG_MENU_PREFIXgnome- 45:0228│1d8 0x7fffffffc4f8 —▸ 0x7fffffffca22 ◂— OLDPWD/home/a5rz/Desktop/pwn/file 46:0230│1e0 0x7fffffffc500 —▸ 0x7fffffffca45 ◂— LC_MEASUREMENTzh_CN.UTF-8 47:0238│1e8 0x7fffffffc508 —▸ 0x7fffffffca60 ◂— DBUS_SESSION_BUS_ADDRESSunix:path/run/user/1000/bus,guid648017a497f89697dfa1bf47674d827a 48:0240│1f0 0x7fffffffc510 —▸ 0x7fffffffcabc ◂— LC_NUMERICzh_CN.UTF-8 49:0248│1f8 0x7fffffffc518 —▸ 0x7fffffffcad3 ◂— SSH_AGENT_LAUNCHERgnome-keyring 4a:0250│200 0x7fffffffc520 —▸ 0x7fffffffcaf4 ◂— _/home/a5rz/Desktop/pwn/file/pwn 4b:0258│208 0x7fffffffc528 —▸ 0x7fffffffcb16 ◂— GTK_MODULESgail:atk-bridge 4c:0260│210 0x7fffffffc530 —▸ 0x7fffffffcb32 ◂— VTE_VERSION6800 4d:0268│218 0x7fffffffc538 —▸ 0x7fffffffcb43 ◂— XDG_SESSION_DESKTOPubuntu 4e:0270│220 0x7fffffffc540 —▸ 0x7fffffffcb5e ◂— QT_ACCESSIBILITY1 4f:0278│228 0x7fffffffc548 —▸ 0x7fffffffcb71 ◂— GNOME_DESKTOP_SESSION_IDthis-is-deprecated 50:0280│230 0x7fffffffc550 —▸ 0x7fffffffcb9d ◂— GNOME_SETUP_DISPLAY:1 51:0288│238 0x7fffffffc558 —▸ 0x7fffffffcbb4 ◂— LC_TIMEzh_CN.UTF-8 52:0290│240 0x7fffffffc560 —▸ 0x7fffffffcbc8 ◂— LOGNAMEa5rz 53:0298│248 0x7fffffffc568 —▸ 0x7fffffffcbd5 ◂— GNOME_TERMINAL_SERVICE:1.112 54:02a0│250 0x7fffffffc570 —▸ 0x7fffffffcbf3 ◂— LC_PAPERzh_CN.UTF-8 55:02a8│258 0x7fffffffc578 —▸ 0x7fffffffcc08 ◂— HOME/home/a5rz 56:02b0│260 0x7fffffffc580 —▸ 0x7fffffffcc18 ◂— GNOME_SHELL_SESSION_MODEubuntu 57:02b8│268 0x7fffffffc588 —▸ 0x7fffffffcc38 ◂— XDG_DATA_DIRS/usr/local/share/:/usr/share/:/var/lib/snapd/desktop 58:02c0│270 0x7fffffffc590 —▸ 0x7fffffffcc7b ◂— XMODIFIERSimibus 59:02c8│278 0x7fffffffc598 —▸ 0x7fffffffcc8f ◂— XDG_RUNTIME_DIR/run/user/1000pwndbg ni aaaaaaaa0x7fffffffc2af0x1(nil)0x180x18(nil)0xf7fc37d0f7fc25c00x61616161616161610x70257025702570250x70257025702570250x70257025702570250x6e696874656d6f53Somethingaaaaaaaa 0x7fffffffc2af 0x1 (nil) 0x18 0x18 (nil) 0xf7fc37d0f7fc25c0 0x6161616161616161 0x70257025702570250x70257025702570250x70257025702570250x6e696874656d6f53Something得知偏移量为8,验证 pwndbg run Starting program: /home/a5rz/Desktop/pwn/file/pwn Please input your name: aaaaaaaa%8$pBreakpoint 2, 0x0000555555555444 in ?? () LEGEND: STACK | HEAP | CODE | DATA | WX | RODATA ───────────────────────────────────────[ REGISTERS / show-flags off / show-compact-regs off ]───────────────────────────────────────RAX 0RBX 0x5555555554b0 ◂— endbr64 RCX 0RDX 1RDI 0x7fffffffc2e0 ◂— 0x6161616161616161 (aaaaaaaa)RSI 0x7fffffffc2af ◂— 0x10000000c0a /* \n\x0c */R8 0x18R9 0x18R10 0x555555556008 ◂— Please input your name: R11 0x246R12 0x5555555550e0 ◂— endbr64 R13 0x7fffffffc460 ◂— 1R14 0R15 0RBP 0x7fffffffc320 —▸ 0x7fffffffc360 —▸ 0x7fffffffc370 ◂— 0RSP 0x7fffffffc2d0 ◂— 0RIP 0x555555555444 ◂— call 0x5555555550b0 ────────────────────────────────────────────────[ DISASM / x86-64 / set emulate on ]────────────────────────────────────────────────► 0x555555555444 call printfplt printfpltformat: 0x7fffffffc2e0 ◂— 0x6161616161616161 (aaaaaaaa)vararg: 0x7fffffffc2af ◂— 0x10000000c0a /* \n\x0c */0x555555555449 mov eax, dword ptr [rip 0x2bfd] EAX, [0x55555555804c]0x55555555544f sub eax, 10x555555555452 mov dword ptr [rip 0x2bf4], eax0x555555555458 lea rdi, [rip 0xbd9] RDI 0x555555556038 ◂— There will be a gift for you here . . .0x55555555545f call putsplt putsplt0x555555555464 jmp 0x555555555472 0x555555555472↓0x555555555472 mov eax, 0 EAX 00x555555555477 mov rdx, qword ptr [rbp - 8]0x55555555547b xor rdx, qword ptr fs:[0x28]0x555555555484 je 0x55555555548b 0x55555555548b ─────────────────────────────────────────────────────────────[ STACK ]────────────────────────────────────────────────────────────── 00:0000│ rsp 0x7fffffffc2d0 ◂— 0 01:0008│-048 0x7fffffffc2d8 ◂— 0xf7fc37d0f7fc25c0 02:0010│ rdi 0x7fffffffc2e0 ◂— 0x6161616161616161 (aaaaaaaa) 03:0018│-038 0x7fffffffc2e8 ◂— 0x7fff70243825 04:0020│-030 0x7fffffffc2f0 ◂— 0 05:0028│-028 0x7fffffffc2f8 —▸ 0x7fffffffc300 ◂— Something strange here 06:0030│-020 0x7fffffffc300 ◂— Something strange here 07:0038│-018 0x7fffffffc308 ◂— g strange here ───────────────────────────────────────────────────────────[ BACKTRACE ]────────────────────────────────────────────────────────────► 0 0x5555555554441 0x5555555553bc2 0x5555555554a93 0x7ffff7df9083 __libc_start_main2434 0x55555555510e ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── pwndbg c Continuing. aaaaaaaa0x6161616161616161There will be a gift for you here . . . [Inferior 1 (process 3806) exited normally]ebp总是指向上一个ebp,我们可以使用这个特性用第一个ebp改写第二个ebp,再用第二个ebp作为跳板更改栈上任意地址? pwndbg stack 60 00:0000│ rsp 0x7fffffffc2d0 ◂— 0 01:0008│-048 0x7fffffffc2d8 ◂— 0xf7fc37d0f7fc25c0 02:0010│ rdi 0x7fffffffc2e0 ◂— 0x30 /* 0 */ 03:0018│-038 0x7fffffffc2e8 —▸ 0x7ffff7e67525 ◂— cmp eax, -1 04:0020│-030 0x7fffffffc2f0 ◂— 0 05:0028│-028 0x7fffffffc2f8 —▸ 0x7fffffffc300 ◂— Something strange here 06:0030│-020 0x7fffffffc300 ◂— Something strange here 07:0038│-018 0x7fffffffc308 ◂— g strange here 08:0040│-010 0x7fffffffc310 ◂— 0x657265682065 /* e here */ 09:0048│-008 0x7fffffffc318 ◂— 0x1fdd857982303200 0a:0050│ rbp 0x7fffffffc320 —▸ 0x7fffffffc360 —▸ 0x7fffffffc370 ◂— 0 0b:0058│008 0x7fffffffc328 —▸ 0x5555555553bc ◂— mov eax, 0 0c:0060│010 0x7fffffffc330 ◂— welcome to WuCup ! 0d:0068│018 0x7fffffffc338 ◂— to WuCup ! 0e:0070│020 0x7fffffffc340 ◂— 0x555555002120 /* ! */ 0f:0078│028 0x7fffffffc348 —▸ 0x7fffffffc460 ◂— 1 10:0080│030 0x7fffffffc350 ◂— 0 11:0088│038 0x7fffffffc358 ◂— 0x1fdd857982303200 12:0090│040 0x7fffffffc360 —▸ 0x7fffffffc370 ◂— 0 13:0098│048 0x7fffffffc368 —▸ 0x5555555554a9 ◂— mov eax, 0 14:00a0│050 0x7fffffffc370 ◂— 0 15:00a8│058 0x7fffffffc378 —▸ 0x7ffff7df9083 (__libc_start_main243) ◂— mov edi, eax 16:00b0│060 0x7fffffffc380 —▸ 0x7ffff7ffc620 (_rtld_global_ro) ◂— 0x50fa700000000 17:00b8│068 0x7fffffffc388 —▸ 0x7fffffffc468 —▸ 0x7fffffffc80b ◂— /home/a5rz/Desktop/pwn/file/pwn 18:00c0│070 0x7fffffffc390 ◂— 0x100000000 19:00c8│078 0x7fffffffc398 —▸ 0x55555555548d ◂— endbr64 1a:00d0│080 0x7fffffffc3a0 —▸ 0x5555555554b0 ◂— endbr64 1b:00d8│088 0x7fffffffc3a8 ◂— 0x3d68c2224b0eb8ed 1c:00e0│090 0x7fffffffc3b0 —▸ 0x5555555550e0 ◂— endbr64 1d:00e8│098 0x7fffffffc3b8 —▸ 0x7fffffffc460 ◂— 1 1e:00f0│0a0 0x7fffffffc3c0 ◂— 0 1f:00f8│0a8 0x7fffffffc3c8 ◂— 0 20:0100│0b0 0x7fffffffc3d0 ◂— 0xc2973dddcc0eb8ed 21:0108│0b8 0x7fffffffc3d8 ◂— 0xc2972d9d6b60b8ed 22:0110│0c0 0x7fffffffc3e0 ◂— 0 ... ↓ 2 skipped 25:0128│0d8 0x7fffffffc3f8 ◂— 1 26:0130│0e0 0x7fffffffc400 —▸ 0x7fffffffc468 —▸ 0x7fffffffc80b ◂— /home/a5rz/Desktop/pwn/file/pwn 27:0138│0e8 0x7fffffffc408 —▸ 0x7fffffffc478 —▸ 0x7fffffffc82b ◂— SYSTEMD_EXEC_PID1816 28:0140│0f0 0x7fffffffc410 —▸ 0x7ffff7ffe190 —▸ 0x555555554000 ◂— 0x10102464c457f 29:0148│0f8 0x7fffffffc418 ◂— 0 2a:0150│100 0x7fffffffc420 ◂— 0 2b:0158│108 0x7fffffffc428 —▸ 0x5555555550e0 ◂— endbr64 2c:0160│110 0x7fffffffc430 —▸ 0x7fffffffc460 ◂— 1 2d:0168│118 0x7fffffffc438 ◂— 0 2e:0170│120 0x7fffffffc440 ◂— 0 2f:0178│128 0x7fffffffc448 —▸ 0x55555555510e ◂— hlt 30:0180│130 0x7fffffffc450 —▸ 0x7fffffffc458 ◂— 0x1c 31:0188│138 0x7fffffffc458 ◂— 0x1c 32:0190│ r13 0x7fffffffc460 ◂— 1 33:0198│148 0x7fffffffc468 —▸ 0x7fffffffc80b ◂— /home/a5rz/Desktop/pwn/file/pwn 34:01a0│150 0x7fffffffc470 ◂— 0 35:01a8│158 0x7fffffffc478 —▸ 0x7fffffffc82b ◂— SYSTEMD_EXEC_PID1816 36:01b0│160 0x7fffffffc480 —▸ 0x7fffffffc841 ◂— SSH_AUTH_SOCK/run/user/1000/keyring/ssh 37:01b8│168 0x7fffffffc488 —▸ 0x7fffffffc86a ◂— SESSION_MANAGERlocal/ubuntu:/tmp/.ICE-unix/1816,unix/ubuntu:/tmp/.ICE-unix/1816 38:01c0│170 0x7fffffffc490 —▸ 0x7fffffffc8bc ◂— PAPERSIZEa4 39:01c8│178 0x7fffffffc498 —▸ 0x7fffffffc8c9 ◂— GNOME_TERMINAL_SCREEN/org/gnome/Terminal/screen/aab6f309_847c_4363_b37f_36574de33f67 3a:01d0│180 0x7fffffffc4a0 —▸ 0x7fffffffc91f ◂— LANGUAGEzh_CN:en_GB:en 3b:01d8│188 0x7fffffffc4a8 —▸ 0x7fffffffc937 ◂— LANGzh_CN.UTF-8确实没思路了,有没有师傅能发个wp或指点一下?谢谢了,先看看另一道webpwn了

查看全文

http://www.hkea.cn/news/14353146/