kn0ck's blog

A group of CTF enthusiasts

Pengcheng Cup 2018 WEB shadow writeup

Preface

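I finished playing the Pengcheng Cup today and am still completely bewildered: the organizers kept frantically releasing hints, and the players stayed frantically confused...
Among a pile of guess-the-author's-mind challenges I still came across a fairly interesting web challenge. I did not get the flag in the end, but I still learned quite a lot from it.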

CODEGATE 2019 PWN writeup

STILL LOVE PWN AND EXPLOIT

aeiou

vuln

It seems like a heap problem, but there is no loop in the main function. We can only perform an action one time. When looking into the program, I find that there is a stack overflow in the teach number function, whose address is 0x4013aa. The buff is only 0x1000, but we can input 0x10000. Obviously, it is a stack overflow vuln.