Writeup

harmodriver

发表于 分类于
Challenge | 2020 | XCTF高校网络安全专题挑战赛 | HarmonyOS和HMS专场 | RealWorld | harmodriver

点击此处获得更好的阅读体验

WriteUp来源

来自官方发布

https://www.xctf.org.cn/library/details/5acdc1c31cf4935ac38fce445978888a5710cf11/

题目描述

内核驱动

题目考点

  • info leak

  • UAF

  • ROP

解题思路

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
from pwn import *

p = remote("127.0.0.1", 22222)

with open("./sample_test", 'r') as f:
   content = f.read()

content = content.encode('hex')
l = len(content)

p.recvline()
start = 0
left = l
while left > 0:
   if left < 0x1000:
       to_read_size = left
   else:
       to_read_size = 0x1000
   p.sendline(content[start: start + to_read_size])
   start += to_read_size
   left -= to_read_size

p.sendline("Exit")

p.interactive()